Paypal used to suffer from a lot from phishing attacks in the past and i bet even today, the bad guys are finding ways to exploit this hole to get more money. I was again playing around and i managed to find a XSS hole in paypal's crmgateway. Well, it seems like paypal never learn their lesson in the past and still allows for injections. Anyway, i had already cancelled my account with paypal because of their bad service and unforgivable mistake they made. Good luck paypal.
The Hacka Man