This poster on eBay’s Motors Forums claimed he was redirected to www.bestatvstore.com after clicking on an eBay internal link. That sounds like another eBay XSS Redirect that has been uncorrected for many years.
Hey John Bodine.. Why don’t you post in one of your eBay forums “we heard you and have fixed that redirect vulnerability.” Watch that post go Poof! LOL!!
From the US-CERT about eBay: “An attacker may be able to obtain sensitive data from the eBay web site. As of the publication of this document, attackers are using this vulnerability to redirect auction viewers to phishing sites and to modify the eBay auction page to steal credentials. A wide range of impacts may be possible, including disclosure of passwords, credit card numbers, or other personal information. Likewise, information stored in cookies could be stolen or corrupted. An attacker could also exploit web browser vulnerabilities that require scripting support.”
And as far as www.bestatvstore.com goes.. It just reeks of Fraud! No Phone Number listed and Payment by Bank Wire Transfer Only! I wouldn’t even consider buying an ATV from that website!