
PayPal Site vulnerable to XSS attack, found by Indian Hackers

Indian hackers Vansh Sharma and Vaibhuv Sharma, from God of Hackers (GOH), have discovered a cross-site scripting vulnerability in the official website of PayPal.

PayPal is the faster, safer way to send money, make an online payment, receive money or set up a merchant account.

The field said to be vulnerable to XSS accepts simple XSS injection code, with no need for obfuscated JavaScript. An attacker can steal accounts by convincing a user to click a specially crafted link.


POC: PayPal XSS vulnerability

The researchers also reported the vulnerability to the vendor. At the time of writing this article, the vulnerability is not fixed.

In the past, the same hackers found vulnerabilities in many high-profile sites, including Google, Youtube, Photobucket, MSN and more; they also found an XSS vulnerability in our site.

Vansh Sharma discovered a vulnerability in GOOGLE CONNECT

Security researchers Vansh & Vaibhuv, the leaders, and their team GOH (God Of Hackers) discovered a vulnerability in GOOGLE CONNECT.


PROOF OF CONCEPT:
1. Go to http://www.google.com/friendconnect
2. Sign in to your account, then click on NEWSLETTERS
3. In the text box there will be options like B (bold), I (italic), Link
4. Click on Edit HTML and enter this script
<iframe src="javascript:alert('XSS');"></iframe>

and click on preview.

Cross Site Scripting Security Flaw in bloggers.com, found by GodOfHackers


Hacker group "GodOfHackers" discovered a cross-site scripting security flaw in the high-profile site bloggers.com. Bloggers.com is one of the best blogger communities; it helps you get to know the best bloggers around the world, discover them and connect with this friendly community. It has an Alexa rank of 3,519.

Vulnerability Details:
  • Type: Non-Persistent XSS
  • alert-Level: Medium
  • Author: GodOfHackers
  • Vulnerable Link: http://bloggers.com/topics/

Poc:
http://bloggers.com/topics/%3Cscript%3Ealert%28%22XSS+By+GOH%22%29%3C%2Fscript%3E

CodeName:
LEADERS: 01001 and ~~((HACKER))~~
GROUP MEMBERS:- 0z0ne, M1$$10n 0v3r£04Ð and Mohammed Shameer
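
For defenders, the two patterns reported above (a path segment under /topics/ reflected into the page, and a javascript: URL accepted by an HTML editor preview) can be reproduced and fixed as follows. This is an added example, not code from bloggers.com, Google or the researchers; the function names, the page template and the example.invalid base URL are assumptions.

```javascript
// Added example: hypothetical handler for a /topics/<name> route.

// Encode the characters that are significant in HTML text and attributes.
function escapeHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Pull the topic out of the request path and URL-decode it, as a router would.
function topicFromPath(pathname) {
  try {
    return decodeURIComponent(pathname.replace(/^\/topics\//, ""));
  } catch {
    return ""; // malformed percent-encoding: treat as an empty topic
  }
}

// Vulnerable pattern: decoded path segment concatenated straight into markup.
function renderTopicUnsafe(pathname) {
  return "<h1>Topic: " + topicFromPath(pathname) + "</h1>";
}

// Hardened pattern: the same value, encoded at the point of output.
function renderTopicSafe(pathname) {
  return "<h1>Topic: " + escapeHtml(topicFromPath(pathname)) + "</h1>";
}

// Regression check: true if the rendered page contains an active <script> tag.
function hasScriptTag(html) {
  return /<script\b/i.test(html);
}

// Editor-preview case: accept only http(s) URLs in iframe/link attributes.
// The URL parser normalises case and leading whitespace before the check.
function isAllowedUrl(value) {
  try {
    const u = new URL(value, "https://example.invalid/"); // placeholder base
    return u.protocol === "http:" || u.protocol === "https:";
  } catch {
    return false;
  }
}

// Path taken from the PoC link on this page.
const POC_PATH = "/topics/%3Cscript%3Ealert%28%22XSS+By+GOH%22%29%3C%2Fscript%3E";
```

Running hasScriptTag over both renderings of POC_PATH makes a usable regression test: the unsafe version trips it, the encoded version does not.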