IT-Securityguard Blog

12/15/2014
by Patrik
3 comments

[BugBounty] Reflected Cross Site Scripting at Paypal.com

Dear followers, I found a reflected cross-site scripting issue on the new PayPal Directory service (https://www.paypal.com/directory/merchants), with the following payload:

The vulnerable parameter was the q? parameter; I was able to break the script context of the page, … Read more

11/17/2014
by Patrik
2 comments

[BugBounty] Reflected Cross Site Scripting BillMeLater

Dear followers, I recently found a reflected cross-site scripting issue on a subdomain of BillMeLater (PayPal acquisition); it was possible to break the style attribute and add malicious JavaScript code into the application.

When ending the previous style … Read more