Monday, September 27, 2010

PayPal Mobile site XSS & Redirect Vulnerabilities


About PayPal Mobile:
Send money and check your balance using your phone and PayPal account. And now also get PayPal through the iPhone App Store.


Proof of concept:

https://mobile.paypal.com/nvpsm?amount=50.0&currency_code=USD&sender_country=XSS

https://mobile.paypal.com/nvpsm?amount=50.0&currency_code=USD&sender_country=Redirect





Mirror: http://www.xssed.com
