PayPal Stored XSS via Request Payment feature or \ from login PayPal business account
Description: This is the first vulnerability I discovered during the PayPal bug bounty program on the first day of the program, I thought it's about time I'd share it with ya all.

Vulnerability Details:

An attacker is able to inject and execute a malicious payload on a remote user account without the need to convince the victim to click anything, it only requires the user to log in to his PayPal account.

The vulnerability is caused due to the lack of input validation and sanitization of the