Search This Blog

Powered by Blogger.

Blog Archive

Labels

Blind SQL Injection vulnerability in PayPal Notifications website

An Indian Security Researcher Prakhar Prasad has discovered a Blind SQL Injection vulnerability in Paypal Notification website(paypal-notify.com) that allowed researcher to access database of Paypal notification system.


An Indian Security Researcher Prakhar Prasad has discovered a Blind SQL Injection vulnerability in Paypal Notifications website(paypal-notify.com) that allowed researcher to access database of Paypal notification system.

" As a part of Paypal Bug Bounty Program, I did a responsible disclosure of the bug to Paypal Security Team " The researcher said in his blog.


SQLMap displays the Database name after injection


The PayPal security team patched the vulnerability immediately, just the next day after the Prasad's vulnerability report due to its high severity.

The Paypal security team patched the vulnerability and rewarded the researcher with $3000 for the SQLi and additional $350 for other less critical bugs on 21st January.
Share it:

Blind SQL Injection Vulnerability

Bug Bounty Programs

Cyber Security News

PayPal Bug bounty

Security News