Friday, 13 April 2012

XSS vulnerabilities found in PayPal websites

Cross Site Scripting (XSS) vulnerabilities found in PayPal websites



Romanian experts have found vulnerabilities in the PayPal Sandbox and PayPal Mobile websites. The vulnerabilities could have been exploited in phishing attacks.

Nemessis, a member of the Romanian Security Team (RST), found the vulnerability in the website registration.sandbox.paypal.com. This is a replica of the original PayPal website where users can open accounts with non-sensitive information. The flaw can be used to trick a user into visiting a phishing page and to steal valuable information.

This vulnerability was fixed very quickly, but a similar vulnerability was identified in the PayPal Mobile website, again by a member of the Romanian Security Team (RST). As dangerous as the previous one, this flaw can be used to steal users' cookies.

These vulnerabilities are dangerous for users, as their valuable information can be stolen. There has been no confirmation yet that the vulnerability in PayPal Mobile has been patched, but the officials are expected to patch it very soon.

 
