Providing Free and Editor Tested Software Downloads
< HOME | TUTORIALS | GEEK-CADE| WEB TOOLS | YOUTUBE | NEWSLETTER | DEALS! | FORUMS | >

MajorGeeks.com - This is my Geek. There are many like him but this one is mine.

Software Categories

All In One Tweaks
Android
Antivirus & Malware
Appearance
Back Up
Browsers
CD\DVD\Blu-Ray
Covert Ops
Drivers
Drives (SSD, HDD, USB)
Games
Graphics & Photos
Internet Tools
Linux Distros
MajorGeeks Windows Tweaks
Multimedia
Networking
Office & Productivity
System Tools

Other news

· How To and Tutorials
· Life Hacks and Reviews
· Way Off Base
· MajorGeeks Deals
· News
· Off Base
· Reviews




spread the word

· YouTube
· Facebook
· Instagram
· Twitter
· Pintrest
· RSS/XML Feeds
· News Blur
· Yahoo
· Symbaloo

about

· Top Freeware Picks
· Malware Removal
· Geektionary
· Useful Links
· About Us
· Copyright
· Privacy
· Terms of Service
· How to Uninstall

top downloads

1. GS Auto Clicker
2. Smart Defrag
3. Macrium Reflect FREE Edition
4. Sergei Strelec's WinPE
5. MusicBee
6. Visual C++ Redistributable Runtimes AIO Repack
7. K-Lite Mega Codec Pack
8. ImgBurn
9. Unlocker
10. FlyOobe / Flyby11
More >>

top reads

Star 8 Windows Shortcuts That’ll Make You More Productive and Save You Time

Star Windows 10 Not Dead Yet - You Can Still Get Updates For Free

Star What is a '400 Bad Request - Request Header or Cookie Too Large' Error and How to Fix It

Star How to Fix Windows Install Error 0xC1900101

Star How to Force Enable Windows 10 Extended Security Updates If The Option Is Not Showing

Star Windows 11 25H2 is Out: What’s New and How to Get It Now.

Star Star Trek Fleet Command Promo Codes: Redeem Codes for Free Shards, Blueprints And Resources

Star Boost Your PC Speed with ReadyBoost: How a Thumb Drive Can Enhance Your System's Performance

Star 5 Hidden Windows Tools You’ve Had All Along But Never Use

Star Use the Windows 10 Media Creation Tool Before Support Ends For Windows 10 in 2025


MajorGeeks.Com » News » May 2013 » Flaws found in Paypal

Flaws found in Paypal


Posted by: TimW on 05/28/2013 03:00 PM [ comments Comments ]


Being only 17, and therefore not eligible for the official Bug Bounty Program, German schoolboy Robert Kugler has posted information on a cross-site scripting vulnerability in payment processing service PayPal.

He has pointed out that Paypal servers apparently fail to check strings entered in the German version of the site-wide search field. The result is that it is possible to enter JavaScript in this field, which the server then sends to the browser. The browser then executes this code. Attackers can exploit such cross-site scripting (XSS) vulnerabilities to, among other things, steal access credentials. The issue can be demonstrated by entering ( see the below example ):

"

A simple string is able to bypass PayPal's entry filter and enable attackers to execute arbitrary JavaScript


The English language version of search on PayPal directs users to a different, apparently externally run, search engine. The XSS flaw could though still be of use in attacks on English speakers using PayPal.

Note the fake site as seen below:

Note the XSS trickery - despite a PayPal URL and a valid PayPal certificate, login credentials entered here are sent, not to PayPal, but to The H's German associates at heise.de


The simple attack described by Kugler does not work with WebKit-based browsers (Safari and Chrome), which include an XSS filter. This can, however, be circumvented. Opera, Firefox and Internet Explorer users are vulnerable to the PayPal vulnerability. Mozilla developers are working on their own XSS filter, but development appears to have come to a halt.


« Hacker pleads guilty to Stratfor attack · Flaws found in Paypal · Check out this RC car that turns into a quadrocopter (Video) »




Comments
comments powered by Disqus

MajorGeeks.Com » News » May 2013 » Flaws found in Paypal

© 2000-2025 MajorGeeks.com
Powered by Contentteller® Business Edition