An Indian security researcher named ‘Ishwar Prasad Bhat‘ found a Vulnerability in eBay (A Largest online Shopping website) which allowed him to purchase any product on eBay in just (1 Rupee=$0.02).
We were also shocked at that time, when we heard about the vulnerability-if we talk more about the vulnerability, so you could buy a thousand dollars item in just $0.02 (we converted 1 rupee into dollar here).
According to Ishwar, by just applying a fake coupon code, a user can buy any of the items from eBay in just 1 rupee, he told “the value of the code is hidden in the page itself. After 3 wrong attempts the web page asks for a verification code which can be obtained from the Gift String in the source code and by just modifying the value for the coupon code you can buy anything in just 1 Rupee”
Ishwar also shows us a screenshot in which he applied a custom coupon ‘testtes123’ and was ready to purchase the item in 1 rupee:
Ishwar also shared a POC video:
Ishwar reported this vulnerability to eBay on Aug-6-2013 and asked them for his reward but, eBay refused and replied:
Right now, the vulnerability has been patched by eBay.
Well that sucks, Ebay is an ungrateful shebitch!
Thats Why I Am Not Report Any Vulnerability