PayPal holes expose customer data

Members Login

Post Info

TOPIC: PayPal holes expose customer data

PayPal holes expose customer data

By Darren Pauli on Nov 5, 2012

Company says data was for 'test' purposes only.

A security researcher has reported finding dangerous website flaws in PayPal that grant attackers access to customer credit card data, account balances and purchase histories.

But a PayPal spokesman has denied that active user data was ever publicly accessible.

The holes were discovered by security researcher Neil Smith from Texas firm Zing Checkout.

One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program.

Smith found that attackers could log into publicly-accessible PayPal administrative sites via authorisation bypass and cross site scripting (XSS) vulnerability.

Since breaking into the site would violate computer crime laws, he ran a Google search on the affected page and discovered what appeared to be a print out of the page titled "PayPal Administrative Tools" (pdf).

continues...

__________________

Capp Vids | Capp WP | Tweetstream

Exposing the sleazery of ebaY and PayPal

Page 1 of 1 sorted by

paypal security xss flaw exploit

Quick Reply
Please log in to post quick replies.

Create your own FREE Forum
Report Abuse