XSS marks the spot: PayPal portal peril plugged

By John Leyden, 14 Jul 2014


PayPal has plugged a potentially nasty flaw on its internal portal.

The vulnerability, discovered by security analyst Benjamin Kunz Mejri of Vulnerability Laboratory, involved security shortcomings in PayPal's backend systems. More specifically, he said, it was an application-side filter bypass vulnerability in the official PayPal Ethernet portal backend application.

Before it was fixed, the flaw created a route for remote hackers to push malicious scripts onto PayPal's systems, as an advisory by the bug hunting team explains.

The filter bypass allows remote attackers to evade the regular parse and encode filter mechanism of the PayPal Inc. online-service portal web-application. The persistent input validation vulnerability allows remote attackers to inject their own malicious script code on the application-side of the vulnerable service.
Source: The Register
