PayPal Registration Page Vulnerable to XSS

May 13, 2009

Methodman, a grey-hat hacker specializing in finding XSS flaws, reported that PayPal has some dangerous cross-site scripting vulnerabilities that need to be taken care of. The vulnerabilities are still not patched as I write this article. The flaws continue to affect the registration.paypal.com, www.paypal-press.co.uk and www.paypal-press.fr websites.


The registration.paypal.com site is used by companies to sign up for a business merchant account. The XSS weakness was located in the registration page for accounts using the Payflow Pro payment solution. “Here’s a list of what you’ll need to sign up for PayPal’s Payflow Services: General business information; Primary business contact information; Credit Card and Billing Contact Information; Merchant Bank and Processor Information,” the page reads.

With these vulnerabilities at their disposal, cyber criminals can create complex phishing systems. Methodman also discloses that PayPal’s websites for its media centers in the UK and France are vulnerable to similar attacks. They are both vulnerable to IFrame injections and to stealth JavaScript prompts and redirects. Methodman said that the “Paypal Staff has been alerted about this.”

