PayPal has plugged a potentially nasty flaw on its internal portal.
The vulnerability, discovered by security analyst Benjamin Kunz Mejri of Vulnerability Laboratory, involved security shortcomings in PayPal's backend systems. More specifically, he said, it was an application-side filter bypass vulnerability in the official PayPal Ethernet portal backend application.
Before it was fixed, the flaw created a route for remote hackers to push malicious scripts onto PayPal's systems, as an advisory by the bug-hunting team explains:
The filter bypass allows remote attackers to evade the regular parse and encode filter mechanism of the PayPal Inc. online-service portal web-application. The persistent input validation vulnerability allows remote attackers to inject their own malicious script code on the application-side of the vulnerable service.