Providing Free and Editor Tested Software Downloads
< HOME | TUTORIALS | GEEK-CADE| WEB TOOLS | YOUTUBE | NEWSLETTER | DEALS! | FORUMS | >

Major Geeks.com- Feel the Geek.. BE the Geek!

Software Categories

All In One Tweaks
Android
Antivirus & Malware
Appearance
Back Up
Browsers
CD\DVD\Blu-Ray
Covert Ops
Drivers
Drives (SSD, HDD, USB)
Games
Graphics & Photos
Internet Tools
Linux Distros
MajorGeeks Windows Tweaks
Multimedia
Networking
Office & Productivity
System Tools

Other news

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews




spread the word

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds
· News Blur
· Yahoo
· Symbaloo

about

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us
· Copyright
· Privacy
· Terms of Service
· How to Uninstall

top downloads

1. GS Auto Clicker
2. Macrium Reflect FREE Edition
3. Smart Defrag
4. Visual C++ Redistributable Runtimes AIO Repack
5. Visual C++ Runtime Installer (All-In-One)
6. McAfee Removal Tool (MCPR)
7. MusicBee
8. Rufus
9. K-Lite Mega Codec Pack
10. Sergei Strelec's WinPE
More >>

top reads

Star How to Disable 1-Click Ordering on Amazon (and Avoid Surprise Charges)

Star How to Fix Shallow Paint Layer Depth in Bambu Studio

Star Aviator Betting Game Secrets: Unlock 97% RTP & Triple Your Wins

Star Windows Recall: What It Is, Why Hackers Will Love It, and How to Stay Safe

Star Star Trek Fleet Command Promo Codes: Redeem Codes for Free Shards, Blueprints And Resources

Star How To Use VLC Media Player to Trim Video Clips

Star What Is the $WinREAgent Folder and Can I Delete It?

Star Swear Your Way to Better Search Results

Star How to Get a Dark Start Menu and Taskbar in Windows 10 & 11

Star Enable, Disable, Manage, Delete or Create a System Restore Point


MajorGeeks.Com » News » May 2013 » Flaws found in Paypal

Flaws found in Paypal


Posted by: TimW on 05/28/2013 03:00 PM [ comments Comments ]


Being only 17, and therefore not eligible for the official Bug Bounty Program, German schoolboy Robert Kugler has posted information on a cross-site scripting vulnerability in payment processing service PayPal.

He has pointed out that Paypal servers apparently fail to check strings entered in the German version of the site-wide search field. The result is that it is possible to enter JavaScript in this field, which the server then sends to the browser. The browser then executes this code. Attackers can exploit such cross-site scripting (XSS) vulnerabilities to, among other things, steal access credentials. The issue can be demonstrated by entering ( see the below example ):

"

A simple string is able to bypass PayPal's entry filter and enable attackers to execute arbitrary JavaScript


The English language version of search on PayPal directs users to a different, apparently externally run, search engine. The XSS flaw could though still be of use in attacks on English speakers using PayPal.

Note the fake site as seen below:

Note the XSS trickery - despite a PayPal URL and a valid PayPal certificate, login credentials entered here are sent, not to PayPal, but to The H's German associates at heise.de


The simple attack described by Kugler does not work with WebKit-based browsers (Safari and Chrome), which include an XSS filter. This can, however, be circumvented. Opera, Firefox and Internet Explorer users are vulnerable to the PayPal vulnerability. Mozilla developers are working on their own XSS filter, but development appears to have come to a halt.


« Hacker pleads guilty to Stratfor attack · Flaws found in Paypal · Check out this RC car that turns into a quadrocopter (Video) »




Comments
comments powered by Disqus

MajorGeeks.Com » News » May 2013 » Flaws found in Paypal

© 2000-2025 MajorGeeks.com
Powered by Contentteller® Business Edition