We just discovered an exploit/bug on eBay where shipping cost is not re-calculated when buyers change their shipping address when paying for an order accepted through offers.
I was able to replicate this bug on all sellers using shipping rate tables.
By exploiting this bug, I will be able to place and pay for orders with cheap shipping cost and ship to anywhere in the world.
Please pass this on to responsible teams and implement fixes accordingly.
Here's how the exploit works: (step-by-step)
1. Identify any domestic (US) products using both domestic and international shipping rate tables (e.g. any of our products).
2. Log in to any eBay account and set the primary shipping address to any Canadian address, for example, or any address outside of the US.
3. Make an offer on a product.
4. Seller accepts the product and sends me an invoice with shipping to my default Canadian shipping address.
5. I log in to eBay and pay for the order. But before clicking on the Confirm & Pay button, I change my shipping address to a French address, for example.
6. I will then be able to pay for the order with a shipping cost calculated using my account's primary shipping address (Canadian) but update the order's ship-to address to a French address.
Fix: The eBay platform should have recalculated the shipping cost (Step 5 above) when I changed the ship-to address from a Canadian address to a French address.
We were able to replicate this by having a Buyer account with a Canadian Primary Shipping Address (while located in France) and making offers on multiple US eBay Sellers using International Shipping Rate tables. We were able to place and pay for orders and update the shipping address to France without having the shipping cost recalculated on orders created via offers.
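The fix requested in the report, modelled as an added example (not eBay's code and not part of the original report): shipping is priced from the final ship-to address at payment time, and an audit check flags orders whose charged shipping does not match the rate for their destination. The rate table values and all class and function names are hypothetical.

```python
from dataclasses import dataclass
from decimal import Decimal

# Constructed seller rate table (hypothetical values): country -> shipping cost.
RATE_TABLE = {"US": Decimal("5.00"), "CA": Decimal("15.00"), "FR": Decimal("40.00")}

@dataclass
class Order:
    item_price: Decimal   # accepted offer price
    ship_to: str          # destination country on the order
    shipping: Decimal     # shipping amount charged to the buyer

def quote_shipping(country: str) -> Decimal:
    """Look up the seller's rate; refuse destinations the table does not cover."""
    if country not in RATE_TABLE:
        raise ValueError(f"seller has no shipping rate for {country}")
    return RATE_TABLE[country]

def invoice_for_offer(offer_price: Decimal, primary_country: str) -> Order:
    """Invoice sent after the offer is accepted, quoted for the primary address."""
    return Order(offer_price, primary_country, quote_shipping(primary_country))

def pay_reusing_quote(order: Order, final_country: str) -> Decimal:
    """Behaviour the report describes: address changes, invoice quote is reused."""
    order.ship_to = final_country
    return order.item_price + order.shipping

def pay_with_requote(order: Order, final_country: str) -> Decimal:
    """Requested fix: price shipping from the final address at payment time."""
    order.shipping = quote_shipping(final_country)  # raises before any charge
    order.ship_to = final_country
    return order.item_price + order.shipping

def mispriced(orders: list[Order]) -> list[Order]:
    """Audit check: paid orders whose shipping differs from the rate for ship_to."""
    return [o for o in orders if o.shipping != RATE_TABLE.get(o.ship_to)]

if __name__ == "__main__":
    a = invoice_for_offer(Decimal("100.00"), "CA")
    b = invoice_for_offer(Decimal("100.00"), "CA")
    print(pay_reusing_quote(a, "FR"), pay_with_requote(b, "FR"))
    print([o.ship_to for o in mispriced([a, b])])
```

The same `mispriced` comparison can be run over historical offer-based orders to find ones that were paid with a quote for a different destination.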