It’s always a matter of attraction when money is in the frame of attack. So It’s time to get into the users PayPal account.. Paypal provides online / ebay pay service and uses by most of the users on web.
As I say before Sometime security professionals will mistakenly believe and publish the statement:“The vulnerability is not exploitable.” but the Black HAT hackers know that every vulnerability is exploitable. They know that just because one person could not find an exploit to the vulnerability , that doesn’t mean someone else won’t find it.It’s all about matter of time and skill level.
This time Mr Yasser Ali An Egyptian engineer who left his main career as a mechanical engineer to work at the Information Security found vulnerability in PayPal user authentication system. He found three critical vulnerability CSRF, Auth token bypass and Resetting the security question.
How Yaseer find Vulnerability in PayPal user authentication system?
He found vulnerability in PayPal user authentication system in three steps
Reusable CSRF Token
Bypassing the CSRF Auth System
ByPassing the Security Questions Change
Do you also want to Learn How to find these vulnerabilities and how to exploit them ?
You must try to Exploit Paypal user authentication system to Learn exploit and practice on it but keep in mind not to harm any user just use it for your practice as “Practice makes a man perfect” but no body is perfect in the universe of hacking .
See Also: Crash your friends whatsapp remotely
See Also : Facebook Varification page has bug
According to TheHackerNews PayPals SpokesPerson release a statement that
“One of our security researchers recently made us aware of a potential way to bypass PayPal’s Cross-Site Request Forgery (CSRF) Protection Authorization System when logging onto PayPal.com. Through the PayPal Bug Bounty program, the researcher reported this to us first and our team worked quickly to fix this potential vulnerability before any of our customers were affected by this issue. We proactively work with security researchers to learn about and stay ahead of potential threats because the security of our customers’ accounts is our top concern.”