[BugBounty] PayPal DOM XSS main domain

Dear followers,

I recently discovered a DOM Cross-Site Scripting issue while testing on PayPal. The process here was pretty straightforward: if you inserted the payload

#"><img src=/ onerror=alert(2)>

in the URL, the DOM executed the JavaScript. This vulnerability would have affected all registered PayPal users and could have been used to exploit the users. Unfortunately this issue got tagged as a duplicate, but I wanted to write about it anyway.

Here’s the PoC I sent to the PayPal Inc. Bug Bounty team.


All the best

Patrik
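
The post does not show the code that handled the fragment, so the following is an added example, not taken from the original post or from PayPal. It assumes the fragment was concatenated into an HTML attribute value (suggested by the payload's leading `">`) and shows that pattern beside two hardened forms; all function names are hypothetical.

```javascript
// Added illustration, not PayPal's code. Assumption: the page copied the URL
// fragment into an attribute value of markup that was then parsed as HTML.

// Payload from the post as it would arrive in location.hash (constructed input).
const SAMPLE_HASH = '#"><img src=/ onerror=alert(2)>';

// Read the fragment; malformed percent-encoding yields an empty value.
function fragmentValue(hash) {
  try { return decodeURIComponent(hash.slice(1)); } catch (e) { return ''; }
}

// Vulnerable pattern: untrusted fragment concatenated into markup.
function buildMarkupUnsafe(hash) {
  return '<input type="hidden" name="ref" value="' + fragmentValue(hash) + '">';
}

// Hardened form 1: encode for the HTML attribute context before concatenating.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}
function buildMarkupEscaped(hash) {
  return '<input type="hidden" name="ref" value="' + escapeHtml(fragmentValue(hash)) + '">';
}

// Hardened form 2: allow-list the expected shape and drop everything else.
function buildMarkupAllowListed(hash) {
  const value = fragmentValue(hash);
  const safe = /^[A-Za-z0-9_-]{1,64}$/.test(value) ? value : '';
  return '<input type="hidden" name="ref" value="' + safe + '">';
}

// Rough review check: names of the elements the markup would open.
function elementNames(markup) {
  return [...markup.matchAll(/<([A-Za-z][A-Za-z0-9-]*)/g)].map((m) => m[1].toLowerCase());
}

console.log(elementNames(buildMarkupUnsafe(SAMPLE_HASH)));      // extra element injected
console.log(elementNames(buildMarkupEscaped(SAMPLE_HASH)));     // only the intended element
console.log(elementNames(buildMarkupAllowListed(SAMPLE_HASH))); // only the intended element
```

In a browser, assigning the value through `textContent` or `setAttribute` instead of building markup strings avoids the HTML parser altogether.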
