Yet another XSS bug to affect PayPal users

By N-Stalker Team on February 11, 2009

A recently published article on The Register has provided exclusive information about a cross-site scripting (XSS) vulnerability that affects PayPal's web application and could be used as a phishing vector against legitimate users.

According to their report, an individual called “Fugitif” uncovered the problem and provided evidence of how to exploit the vulnerability. Judging from the pictures provided, it seems that a lack of HTML entity escaping on the “content_ID” parameter allowed him to insert his own “<script>” tag into a page served from PayPal’s own website domain. That is what makes the bug useful for phishing: the injected content is delivered from a genuine PayPal URL, so the browser (and the user) treat it as PayPal’s own page.
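To make the mechanism concrete, here is an added illustration (not PayPal’s code and not Fugitif’s proof of concept): a page template that reflects a “content_ID” query parameter into its HTML without escaping, beside the same template with HTML entity escaping applied. The parameter name comes from the article; the URL, the template and the payload are constructed for this example.

```javascript
// Added example: reflected XSS through an unescaped query parameter, and the
// entity-escaping fix. Only the parameter name "content_ID" comes from the
// article; the URL, template and payload below are constructed.

// Pull "content_ID" out of a request URL. URLSearchParams percent-decodes the
// value, so a URL-encoded payload arrives as the literal markup the
// attacker wants reflected.
function extractContentId(requestUrl) {
  return new URL(requestUrl).searchParams.get("content_ID") || "";
}

// HTML entity escaper for text placed inside an element body or a quoted
// attribute value. These five characters are the ones that can change the
// structure of the surrounding HTML.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable renderer: the parameter is dropped into the page verbatim, so
// any markup in it becomes part of the document.
function renderVulnerable(contentId) {
  return `<p>Content: ${contentId}</p>`;
}

// Hardened renderer: the parameter is escaped first, so the browser shows
// the payload as text instead of executing it.
function renderSafe(contentId) {
  return `<p>Content: ${escapeHtml(contentId)}</p>`;
}

// Crude response check standing in for "did a script tag survive": does the
// rendered HTML still contain an opening <script tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed attacker URL: the payload is URL-encoded so it survives the
// query string intact. The hostname is a placeholder, not PayPal's.
const ATTACK_URL =
  "https://www.example.test/cgi-bin/webscr?cmd=_view&content_ID=" +
  encodeURIComponent("<script>alert(document.domain)</script>");

function demo() {
  const param = extractContentId(ATTACK_URL);
  const vulnerable = renderVulnerable(param);
  const safe = renderSafe(param);
  console.log("vulnerable:", vulnerable, "->", containsScriptTag(vulnerable) ? "script injected" : "clean");
  console.log("hardened:  ", safe, "->", containsScriptTag(safe) ? "script injected" : "clean");
  return { vulnerable, safe };
}

demo();
```

One caveat a practitioner should keep in mind: entity escaping is the right fix only when the value lands in element text or a quoted attribute. A parameter reflected inside a script block, an event handler or a URL needs the encoding for that context instead, and escaping alone will not save it.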

As seen before, XSS vulnerabilities are widespread and have already become one of the main vectors of attack against legitimate users of the affected web applications.
