Wednesday, October 6, 2010

Paypal XSS Vulnerability

Paypal.com website another time under XSS and Redirect :)

Proof of concept :

https://www.sandbox.paypal.com/nvpsm?amount=5.00¤cy_code=USD&sender_country=XSS

https://www.paypal.com/nvpsm?amount=5.00¤cy_code=USD&sender_country=XSS


https://www.paypal.com/nvpsm?amount=5.00¤cy_code=USD&sender_country=Redirect













See also PayPal Mobile site XSS & Redirect Vulnerabilities
Mirror: http://www.xssed.com

1 comment:

mensajes movistar said...

Things like that shouldn't happen.