[XSS] - paypal-*.com

sensi · January 22, 2014

• Exploit: paypal-*.com - Cross Site Scripting (reflected)

• Author: sensi

• Tested on: Mozilla Firefox

• Status: Reported

• PoC:

tudor13mn13 · January 22, 2014

Bravo bossulica la mai multe :))

P.S: Se scrie "I won".

//


if {
$url = 'paypal-.*.com';
echo 'S3nsi e boss :>';
}

Edited January 22, 2014 by tudor13mn13

Menta · January 22, 2014

frumos,bravo~

aelius · January 22, 2014

Bravo bossulica la mai multe
P.S: Se scrie "I won".
//
if {
$url = 'paypal-.*.com';
echo 'S3nsi e boss :>'
}

ai uitat ;


if(preg_match("/paypal/i", $_SERVER['SERVER_NAME'])) {
	echo "you suck, i rule";
} else  {
    die("suck it up");
}

on: felicitari.

akkiliON · January 22, 2014

Bravo.

Am g?sit ?i eu un xss într-un site care apar?in de ei. Faza e c? am raportat bug-ul prima dat? de pe contul meu (vechiul) ?i am primit r?spuns c? e duplicate. Dubios :-? M-am hot?rât s? îmi fac cont nou ?i s? raportez problema din nou. Iar r?spunsul care l-am primit de la ei pe contul creat nou, m-au l?sat masc?. :/ .... Mi-au validat problema ?i trebuie s? primesc 750$.

sensi · January 22, 2014

Multumesc!

@akkiliON, te poti astepta la orice de la paypal (din pacate). Mai stiu pe unu care i s-a intamplat ceva asemanator...

sensi · January 23, 2014

Se pare ca mi-au validat xss-ul

Sign In

[XSS] - paypal-*.com

Recommended Posts

sensi

Link to comment

Share on other sites

tudor13mn13

Link to comment

Share on other sites

Menta

Link to comment

Share on other sites

aelius

Link to comment

Share on other sites

akkiliON

Link to comment

Share on other sites

sensi

Link to comment

Share on other sites

sensi

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Pages