
XSS marks the spot: PayPal portal peril plugged

By John Leyden, 14 Jul 2014

 

PayPal has plugged a potentially nasty flaw on its internal portal.

The vulnerability, discovered by security analyst Benjamin Kunz Mejri of Vulnerability Laboratory, involved security shortcomings in PayPal's backend systems. More specifically, he said, it was an application-side filter bypass vulnerability in the official PayPal Ethernet portal backend application.

Before it was fixed, the flaw created a route for remote hackers to push malicious scripts onto PayPal's systems, as an advisory by the bug hunting team explains.

The filter bypass allows remote attackers to evade the regular parse and encode filter mechanism of the PayPal inc. online-service portal web-application. The persistent input validation vulnerability allows remote attackers to inject own malicious script codes on the application-side of the vulnerable service.
Full article at The Register: http://www.theregister.co.uk/2014/07/14/paypal_portal_peril_plugged/
