Doc's Quality Cars

BestAtvStore.com XSS Cross Site Scripting Fraud

This poster on eBay’s Motors Forums claimed he was redirected to www.bestatvstore.com after clicking on an eBay internal link. That sounds like another eBay XSS Redirect that has been uncorrected for many years.

Hey John Bodine.. Why don’t you post in one of your eBay forums “we heard you and have fixed that redirect vulnerability.” Watch that post go Poof! LOL!!

Actually today a Google Safe Browsing lookup on eBay.com showed 74 Scripting Exploits and 3 Trojans. And this US-CERT Vulnerability Note VU#808921 warns of this scripting vulnerability: eBay contains a cross-site scripting vulnerability.

From the US-CERT about eBay: “An attacker may be able to obtain sensitive data from the eBay web site. As of the publication of this document, attackers are using this vulnerability to redirect auction viewers to phishing sites and to modify the eBay auction page to steal credentials. A wide range of impacts may be possible, including disclosure of passwords, credit card numbers, or other personal information. Likewise, information stored in cookies could be stolen or corrupted. An attacker could also exploit web browser vulnerabilities that require scripting support.”

And as far as www.bestatvstore.com goes.. It just reeks of Fraud! No Phone Number listed and Payment by Bank Wire Transfer Only! I wouldn’t even consider buying an ATV from that website!

Google Maps Look up On 9145 S Federal Way Boise, ID 83716

Beware Of Vehicle Fraud Everyone! SCAMMERS ARE EVERYWHERE! 😉

Google Safe Browsing Report On eBay.com As Of 10/23/2011


US-CERT VU#808921 Vulnerability Note About eBay.com


Former eBay Motors PowerSeller and retired licensed Florida used car dealer with over 40 years experience in the business blogs about eBay. He shares helpful advice for motor vehicle buyers and sellers. Have questions or need help? Ask Doc!

5 Comments

  1. Doc

    Hmmmm.. bestatvstore.com has apparently been shut down by Yahoo!

    I guess if it walks like a duck, quacks like a duck, It MUST be a Duck! But it will be back under another domain name attempting to scam someone!

    Hopefully nobody fell victim to it. If you sent your money better report it to the FBI at http://www.IC3.GOV

    Nameserver trace for bestatvstore.com:

    Looking for who is responsible for root zone and followed d.root-servers.net.
    Looking for who is responsible for com and followed e.gtld-servers.net.
    Looking for who is responsible for bestatvstore.com and followed yns2.yahoo.com.

    Nameservers for bestatvstore.com:

    yns1.yahoo.com returned (NORECORDS)
    yns2.yahoo.com returned (NORECORDS)

  2. lazersnark

    I’ve been keeping an eye on the google safe browsing report page for ebay since I saw it mentioned at rateebay.com. http://tinyurl.com/3lx83nl

    It’s been showing infections found nearly every single day.
    I’m just wondering why that hasn’t gotten any attention from more ebay blogs, or on ebay forums or announcement boards? Seems suspect.

    For anyone reading this, don’t use ebay. I’ll say it again. Do NOT use eBay! Tell anyone you care about not to either. It’s an ID theft AIDS repository and a claptrap. Your ‘stuff’ will turn green and fall off, your ID will get stolen.

    Ebay will blame you even though everything wrong and/or bad on that site is 100% their fault.

  3. Ron

    I had dealings with this (too good to be true) ATV store. I called the Cummins trk store (just down the road in Idaho); they said there was no ATV shop @ the given address! Then the ATV store directed me to send $$ via Western Union to a FL address (for quicker delivery). @ that point I called the Sheriff in ID & reported them 🙂

  4. Rahul

    Oh I’m over it. I just don’t like video responses motivated by envy or jealousy, which is all this is. Why trash a video about a group of guys who are simply following their dreams and living life to the fullest? They’re not being egotistical or saying they’re better than anyone else, they’re just doing what they love and sharing it with others. The people who made Wet Dream Result will probably be sitting around when they’re 80 years old and think Damn, we never did anything with our lives.

    1. Doc

      Geez Rahul, You approve of Scammers stealing money from innocent people?

