Press "Enter" to skip to content

B0rken eBay Express

Broken Ebay ExpressI was just poking around eBay earlier and I came across mention of “eBayExpress” and thought it’ll be interesting to sign up. So I tried to – but hit a load of debug information.

Interesting stuff: eBay Express appears to run in PHP (as can be confirmed in the URL), but it runs on Microsoft SQL Server (as can be evidenced by the MS SQL/mssql mentions in the error messages) and they use the “sa” (super administrator) account to login to the MS SQL server: a big no no in any security aware programmer’s book. They also have the web server running on the same server as the database server (as evidenced by the “Unable to connect to server: localhost” section) and they keep everything in nice distinct files. They also have warnings turned on on their server.

Interesting stuff (for a techy like me!).

[added]

Steps to replicate:

  1. Go to eBayExpress.co.uk
  2. Scroll down and click on “Sell on eBay Express
  3. Scroll down to “Related Links” and click on Register
  4. Scroll down to Step 4 and click on Agree to ebay express service standards here
  5. Click on the “Click here if you have lost, forgotten or have not received a verification code
  6. Login to ebay
  7. You are then taken to https://ebayexpressregistration.ebaydevelopment.co.uk/authAccept.php with the error messages.

Warning: mssql_connect() [function.mssql-connect]: message: Login failed for user ‘sa’. (severity 14) in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\dbconn.php on line 5

Warning: mssql_connect() [function.mssql-connect]: Unable to connect to server: localhost in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\dbconn.php on line 5

Warning: mssql_select_db(): supplied argument is not a valid MS SQL-Link resource in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\dbconn.php on line 6

Notice: Undefined index: username in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\authAccept.php on line 20

Notice: Undefined index: ebaytkn in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\authAccept.php on line 21

Warning: mssql_query() [function.mssql-query]: message: Login failed for user ‘(null)’. Reason: Not associated with a trusted SQL Server connection. (severity 14) in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\authAccept.php on line 25

Warning: mssql_query() [function.mssql-query]: Unable to connect to server: (null) in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\authAccept.php on line 25

Warning: mssql_query() [function.mssql-query]: A link to the server could not be established in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\authAccept.php on line 25

Warning: mssql_num_rows(): supplied argument is not a valid MS SQL-result resource in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\authAccept.php on line 26

Warning: mssql_fetch_array(): supplied argument is not a valid MS SQL-result resource in D:\_sites\ebayexpressregistration.ebaydevelopment.co.uk\site\authAccept.php on line 27

One Comment

  1. Beebs (aka: Richard) – Need to talk to you. Has to do with our shared editorial past. You have my email, or you can catch me on AIM… robjones3030 .

    Hope all is well, and congrats on the marriage. [Nice blog btw.]

    Regards ~ Rob

Comments are closed.