URL Redirection Vulnerability On PayPal Developers Website
Hi, my name is Rui Silva and I'm a 17-year-old security researcher from Portugal. I will explain how I found a URL redirection vulnerability on the PayPal subdomain developer.paypal.com!
Description:
[#] Title : URL Redirection Vulnerability on PayPal Developers
[#] Status : Unfixed/Duplicate
[#] Severity : Medium
[#] Works on : Chrome Version 41.0.2272.118 m
POC:
Steps to reproduce:
First, sign up on the PayPal website.
After this, go to: developer.paypal.com/developer/login?successRedirect=
After successRedirect= add http:/google.pt
Final URL:
developer.paypal.com/developer/login?successRedirect=http:/google.pt
Now open this URL in a tab in the Chrome browser and press Enter.
After pressing Enter, sign in to your PayPal account and you will be redirected to the google.pt website.
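The single-slash form `http:/google.pt` used above is still parsed by browsers as an absolute URL to another host, which is why string-based checks on a redirect parameter tend to miss it. The following is an added example, not part of the original write-up and not PayPal's code: it contrasts a hypothetical string check with a validator that resolves the target the way a browser does and compares origins. `APP_ORIGIN`, both function names and the `/developer/dashboard` path are assumptions for illustration.

```javascript
// Added example: validating a post-login redirect target on the server.
// APP_ORIGIN and the function names are assumptions, not the site's real code.
const APP_ORIGIN = "https://developer.paypal.com";

// Hypothetical weak check: anything without "://" or a leading "//" is
// assumed to be a local path. "http:/google.pt" passes this test.
function naiveIsLocal(target) {
  return !target.includes("://") && !target.startsWith("//");
}

// Hardened check: parse with the WHATWG URL parser (the same rules browsers
// apply to a Location header), then require the resolved origin to match.
function safeRedirectTarget(target, fallback = "/") {
  if (typeof target !== "string" || target.length === 0) return fallback;
  let resolved;
  try {
    resolved = new URL(target, APP_ORIGIN);
  } catch {
    return fallback; // unparseable input never reaches the Location header
  }
  if (resolved.origin !== APP_ORIGIN) return fallback;
  // Return the absolute URL rather than only the path: a same-origin path
  // such as "//host" would become protocol-relative if emitted on its own.
  return resolved.href;
}

// Constructed sample inputs, including the value from the steps above.
for (const t of ["http:/google.pt", "//google.pt", "/\\google.pt", "/developer/dashboard"]) {
  console.log(JSON.stringify(t), "naive:", naiveIsLocal(t), "safe:", safeRedirectTarget(t));
}
```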
After finding this, I reported it to the PayPal Security Team.
One week later they replied to me.
PayPal Reply:
And after waiting… 1 or 2 hours later they replied to me again.
Reply:
Thanks to all for your support!
I hope you enjoyed the article
Video:
The HOC Team congratulates Rui Silva for finding the bug.