Thursday, November 1, 2007

Paypal CRMgateway XSS

Paypal used to suffer a lot from phishing attacks in the past, and I bet even today the bad guys are finding ways to exploit this hole to get more money. I was again playing around and I managed to find an XSS hole in Paypal's crmgateway. Well, it seems like Paypal never learned their lesson in the past and still allows injections. Anyway, I had already cancelled my account with Paypal because of their bad service and the unforgivable mistake they made. Good luck, Paypal.



The Hacka Man

7 comments:

Anonymous said...

big LOL.

Really.. I can't understand how webs like (specially) paypal have these flags of security...

Really SAD.

Cheers,

Anonymous said...

It's normal

hackathology

Anonymous said...

I have a question: does the parameter you modified get stored in their database, or is it just one parameter used during the displaying?

Anonymous said...

It's not stored on the database; however, it is recorded in the web server logs.

hackathology

Anonymous said...

It's normal? Don't fuc...!

I can't understand how you use IE :P

Anonymous said...

It's probably just a parameter set to print out on screen. XSS does not constitute anything if it does not go into persistent storage or have a means to be sent to a 3rd party. That said, if you put bad code in that javascript, the only person who will see it is YOU. This ain't a valid XSS issue in a practical sense. Many sites pass error messages this way, FYI.

Anonymous said...

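SEO: I still don't understand it. For site information, use SEO optimization to compare and analyze a site's problems and carry out effective SEO measures, or please use the SEO tools; this site has search engine standing.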