Indian Hackers, Vansh Sharma and Vaibhuv Sharma, from God of Hackers(GOH), has discovered Cross site scripting vulnerability in the official website of Paypal.
PayPal is the faster, safer way to send money, make an online payment, receive money or set up a merchant account.
The field said to be vulnerable to XSS attack allows simple XSS injection code, no need for any obfuscation java script code. An attacker can steal accounts by convincing user into clicking a specially crafted link.
Researchers also reported about the vulnerability to the vendor. At the time of writing this article, the vulnerability is not fixed.
In past, the same hackers found vulnerability in lot of high profile sites including Google, Youtube, Photobucket, MSN and more sites; Also, they found XSS vulnerability in our site also.
PayPal is the faster, safer way to send money, make an online payment, receive money or set up a merchant account.
The field said to be vulnerable to XSS attack allows simple XSS injection code, no need for any obfuscation java script code. An attacker can steal accounts by convincing user into clicking a specially crafted link.
POC: Paypal xss vulnerability |
Researchers also reported about the vulnerability to the vendor. At the time of writing this article, the vulnerability is not fixed.
In past, the same hackers found vulnerability in lot of high profile sites including Google, Youtube, Photobucket, MSN and more sites; Also, they found XSS vulnerability in our site also.