PAYPAL VULNERABLE TO CRITICAL WEB APPLICATION VULNERABILITY


PayPal, the eBay-owned digital payment and money transfer service, has been found to be prone to a critical web application vulnerability that would allow an attacker to take control of users' PayPal accounts with just a click, thereby affecting over 156 million PayPal users.

An Egyptian security researcher named Yasser Ali demonstrates in a YouTube proof-of-concept video how he was able to trick PayPal's servers into thinking that he had successfully logged in as any user. Ali bypassed PayPal's security checks by way of a CSRF (cross-site request forgery) attack. By watching the data sent back to PayPal in a POST request, he was able to capture a token that was valid for all of its users.

Ali also figured out that the security questions on a PayPal account required no password authentication. Once he had the token in his possession, he was then able to gain full control over an account by modifying the answers using a small Python script running on his own computer.
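The two weaknesses described above (a CSRF token that is the same for every user, and a security-question change that never asks for the password) can be modelled in a few lines. The following is an added example, not PayPal's code or Yasser Ali's script: a toy account service in two versions, a weak one that mirrors the flaw and a hardened one that binds the CSRF token to the session, compares it in constant time, and demands password re-authentication before security answers change. All names (`WeakAccountService`, `HardenedAccountService`, `Session`, `Request`) and the sample users are constructed for the illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict, Optional


@dataclass
class Session:
    """Server-side session the browser presents via its cookie."""
    user: str
    # Hardened design: every session gets its own unguessable token.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """A state-changing POST: the session comes from the cookie (which the browser
    attaches automatically), everything else comes from the submitted form body."""
    session: Session
    csrf_token: str
    answers: Dict[str, str]
    password: Optional[str] = None


class WeakAccountService:
    """Hypothetical model of the flaw in the post: one site-wide token is accepted for
    every user, and security answers change without re-entering the password."""

    def __init__(self) -> None:
        self.answers: Dict[str, Dict[str, str]] = {}
        # Constructed: a single token that is never bound to a particular session.
        self.site_token = secrets.token_urlsafe(32)

    def change_security_answers(self, req: Request) -> bool:
        if req.csrf_token != self.site_token:   # any user's token passes this check
            return False
        self.answers[req.session.user] = dict(req.answers)
        return True


class HardenedAccountService:
    """Per-session CSRF token, constant-time comparison, password re-authentication."""

    def __init__(self) -> None:
        self.answers: Dict[str, Dict[str, str]] = {}
        self._pw: Dict[str, tuple] = {}   # user -> (salt, pbkdf2 digest)

    def register(self, user: str, password: str) -> None:
        salt = secrets.token_bytes(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        self._pw[user] = (salt, digest)

    def _password_ok(self, user: str, password: Optional[str]) -> bool:
        if password is None or user not in self._pw:
            return False
        salt, stored = self._pw[user]
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
        return hmac.compare_digest(candidate, stored)

    def change_security_answers(self, req: Request) -> bool:
        # The token in the form body must be the one issued to *this* session,
        # so a token captured from another account is useless here.
        if not hmac.compare_digest(req.csrf_token, req.session.csrf_token):
            return False
        # Sensitive account-recovery data only changes after re-authentication.
        if not self._password_ok(req.session.user, req.password):
            return False
        self.answers[req.session.user] = dict(req.answers)
        return True


def forged_post_accepted(service, victim_session: Session, token_in_form: str,
                         password: Optional[str] = None) -> bool:
    """Model a cross-site POST: the victim's browser supplies the session cookie,
    while the form fields come from a third-party page. Returns True if the service
    accepted the change, which is the outcome a CSRF defence must prevent."""
    forged = Request(session=victim_session, csrf_token=token_in_form,
                     answers={"first pet": "changed-by-third-party"}, password=password)
    return service.change_security_answers(forged)
```

Run against both services, the weak one accepts a forged POST as soon as the site-wide token is known, while the hardened one rejects a token from a different session and, even with the victim's own token, still refuses to touch the security answers without the password.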

Here is the PoC: