IT-Securityguard Blog

[BugBounty] Reflected Cross Site Scripting at Paypal.com

| 3 Kommentare

Dear followers, i found a reflected Cross Site Scripting issue on the new Paypal Directory service (https://www.paypal.com/directory/merchants), with the following Payload:

The vulnerable Parameter was the q? Parameter, i was able to break the script contex of the page, i think it was because of the &q Parameteter, but i am not sure Paypal fixed this issue to fast so i couldn’t analyze it more in depth :/

Here is my POC i sent in to Paypal :  hope you enjoyed! If you have any kind of question please don’t hesitate to ask me, either way here or via email at patrik.fehrenbach(at)it-securityguard.com All the best Patrik

3 Kommentare

  1. Interested

  2. I have been working in Security in the UK for 10 years. I have only started to get a bit grumpy about security in general, however after reading this piece it has helped changed my attitude a bit. Time for a project methinks 🙂

  3. I think you could get XSS via „&q=payload“ because of HPP ( HTTP Parameter Pollution) .
    First „q“ parameter value was getting filtered while second „q“ parameter value was being used for generating output 😀

Schreibe einen Kommentar

Pflichtfelder sind mit * markiert.