Members Login
    Remember Me  
Post Info TOPIC: PayPal holes expose customer data

Top Poster

Status: Offline
Posts: 3757
PayPal holes expose customer data

PayPal holes expose customer data

Company says data was for 'test' purposes only.


A security researcher has reported finding dangerous website flaws in PayPal that grant attackers access to customer credit card data, account balances and purchase histories.

But a PayPal spokesman has denied that active user data was ever publicly accessible.

The holes were discovered by security researcher Neil Smith from Texas firm Zing Checkout.

One of the holes was publicly disclosed after a failed effort in July to responsibly disclose them under PayPal's bug bounty program.

Smith found that attackers could log into publicly-accessible PayPal administrative sites via authorisation bypass and cross site scripting (XSS) vulnerability. 


Since breaking into the site would violate computer crime laws, he ran a Google search on the affected page and discovered what appeared to be a print out of the page titled "PayPal Administrative Tools" (pdf).





Exposing the sleazery of ebaY and PayPal


Page 1 of 1  sorted by
Quick Reply

Please log in to post quick replies.

Tweet this page Post to Digg Post to

Create your own FREE Forum
Report Abuse
Powered by ActiveBoard