Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Classic tech archive. From the original averyjparker.com tech blog — historical context; pair with modern guides where noted. Full archive · Maker projects · Network Ninja

Classic tip · Classic

Interesting vector for browser vulnerability exploit...ebay

incidents.org has received a tip on an ebay item that contained some malicious script... ISC reader Gareth Attrill pointed us to an eBay auction that has some escaped HTML code that sneaks in a link …

Written by

Avery J. Parker

IT veteran, maker educator, and author of Network Ninja, 3D Printing Mastery, and AI Workflow Mastery. Business IT: Diversified Tech Solutions.

incidents.org has received a tip on an ebay item that contained some malicious script...
ISC reader Gareth Attrill pointed us to an eBay auction that has some escaped HTML code that sneaks in a link that tries to get a trojanized .jar (usage.jar) file loaded on anyone who loads the listing. The latest .dat for McAfee immediately detected (and deleted) the code as Exploit-ByteVerify. The lister most likely managed to bypass other protections that otherwise prevents this kind of code from being inserted into item listings. Both eBay and the ISP that is hosting the malware have been notified.
This is an interesting way to use a legit site to sneak something past the casual users. Their warning is to verify any html input that you allow from visitors to your site.