URL Redirection Vulnerability On PayPal Developers Website




Hi, my name is Rui Silva and I'm a 17-year-old security researcher from Portugal. I will explain how I found a URL redirection vulnerability on the PayPal subdomain developer.paypal.com!

Description:
[#] Title    : URL Redirection Vulnerability on PayPal Developers
[#] Status   : Unfixed/Duplicate
[#] Severity : Medium
[#] Works on : Chrome Version 41.0.2272.118 m

POC:

Steps to reproduce:
First, sign up on the PayPal website.
After this, go to: developer.paypal.com/developer/login?successRedirect=
To successRedirect= add http:/google.pt

Final URL: 
developer.paypal.com/developer/login?successRedirect=http:/google.pt

Now open this URL in a tab in the Chrome browser and press Enter.
After pressing Enter, sign in to your PayPal account and you will be redirected to the google.pt website.
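
A server-side check for a post-login redirect parameter such as successRedirect, as an added example (not PayPal's code and not part of the original post). It resolves the value the way a browser does, so a value like http:/google.pt is recognised as the external host it leads to; `APP_ORIGIN`, `FALLBACK` and `safeRedirectTarget` are hypothetical names, and the sample inputs are constructed.

```javascript
// Added example: validate a post-login redirect target before redirecting.
// APP_ORIGIN, FALLBACK and safeRedirectTarget are hypothetical names.
const APP_ORIGIN = "https://developer.paypal.com";
const FALLBACK = APP_ORIGIN + "/"; // assumed safe default landing page

function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;
  // Backslashes and control characters are handled inconsistently by
  // clients and proxies, so reject them outright.
  if (/[\\\u0000-\u001f\u007f]/.test(raw)) return FALLBACK;
  let resolved;
  try {
    // WHATWG URL parsing, the same rules browsers apply:
    // "http:/google.pt" resolves to "http://google.pt/".
    resolved = new URL(raw, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }
  // Only targets on the application's own origin are allowed.
  if (resolved.origin !== APP_ORIGIN) return FALLBACK;
  // Return the absolute URL rather than the path alone: a path that
  // normalises to "//host" would be read as another host if sent bare.
  return resolved.href;
}

// Constructed sample inputs, including the value from the steps above.
for (const value of ["http:/google.pt", "//google.pt", "/developer/dashboard?tab=apps"]) {
  console.log(JSON.stringify(value), "->", safeRedirectTarget(value));
}
```
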

After finding this, I reported it to the PayPal Security Team.
One week later they replied to me.

PayPal Reply:



And after waiting… 1 or 2 hours later they replied to me again.

Reply:





Thanks to all for your support!
I hope you enjoyed the article.

Video:


The HOC Team congratulates Rui Silva for finding the bug.