Web Application Security
PayPal Manager Admin Account Hijack May 15 2014 01:48AM
Mark Litchfield (mark securatary com) (1 replies)
Re: PayPal Manager Admin Account Hijack May 15 2014 03:51PM
Daniel Kester (dekester usgs gov)
Now that I think about it, we should make sure the WAFs are filtering this.

On Wed, May 14, 2014 at 06:48:19PM -0700, Mark Litchfield wrote:
> Date: Wed, 14 May 2014 18:48:19 -0700
> From: Mark Litchfield <mark (at) securatary (dot) com [email concealed]>
> Subject: PayPal Manager Admin Account Hijack
> To: webappsec (at) securityfocus (dot) com [email concealed]
>
> Hi All,
>
> I have just released a new vulnerability at
> http://www.securatary.com/vulnerabilities outlining a hack on
> http://manager.paypal.com that in the end allowed full admin access.
>
> PayPal were very quick to fix this issue, so nice job PayPal
> Security / Engineering team
>
> --
> All the best
>
> Mark Litchfield
> http://www.securatary.com
> Twitter - http://twitter.com/securatary
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now! http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>
---end quoted text---

--
Daniel E. Kester

Center for Integrated Data Analytics
U.S. Geological Survey
dekester (at) usgs (dot) gov [email concealed] | 608-821-3854

OpenPGP: 214E D2F3 4122 4F88 CC0E 2447 C7BA 7124 6FA7 9C1F


Copyright 2010, SecurityFocus