TOPIC: Embarrassing security failure at PayPal




22 March 2012, 12:14

Embarrassing security failure at PayPal

Until just a few days ago, web sites belonging to the world's largest online payment service contained a security vulnerability in a key component that could have been exploited by fraudsters to steal information from customers. PayPal fixed the vulnerability shortly after being notified of its presence by The H's associates at heise Security. The eBay subsidiary was, however, unable to give any information on how such a serious security problem could have remained undetected.

A heise Security reader noticed that the search function on PayPal web pages was not filtering user input correctly, making it a simple matter to inject code into PayPal pages via a crafted URL. The problem affected pages at https://www.paypal.com which use SSL security. Customers log in to the site from these pages and also use them to make payments. For more information on why cross-site scripting vulnerabilities are a very real security problem, see the article Password stealing for dummies on The H.

 

Continues with visual documentation



__________________

Exposing the sleazery of ebaY and PayPal

 
