Discovered a flaw in PayPal that could cost a lot

A very serious PayPal flaw was recently discovered that could allow an attacker to steal the money held in a hacked account. According to TheHackerNews, the first source to break the news, the security researcher known as h4x0r_dz has discovered an unpatched vulnerability in PayPal that could be exploited to trick a user into completing attacker-controlled transactions with a single click.

The insidious aspect is that the attack uses a fake PayPal payment window superimposed perfectly on a legitimate page in order to deceive users. The technique, known as clickjacking, has already been demonstrated, and the bug was reported to PayPal's bug bounty program several months ago, but it appears that the flaw has not yet been fixed.
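An overlay like this only works if the browser agrees to render the target page inside a frame on another origin, which the target site controls through its response headers. The following is an added example, not code from the article, the researcher or PayPal; the function names and sample headers are constructed. It classifies the framing policy a set of response headers gives a page, including cases that look protective but are not.

```javascript
// Added example: classify the framing policy that response headers give a page.
// `headers` maps header name -> string or array of strings (hypothetical input shape).
function headerValues(headers, name) {
  const out = [];
  for (const [k, v] of Object.entries(headers)) {
    if (k.toLowerCase() === name) out.push(...[].concat(v));
  }
  return out;
}

// Source list of the frame-ancestors directive in one CSP policy, or null if absent.
function frameAncestors(policy) {
  for (const directive of policy.split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources.map(s => s.toLowerCase());
  }
  return null;
}

function classifySources(sources) {
  if (sources.length === 0 || sources.every(s => s === "'none'")) return 'deny';
  if (sources.some(s => s === '*' || /^https?:(\/\/\*)?$/.test(s))) return 'frameable';
  return sources.every(s => s === "'self'") ? 'sameorigin' : 'allowlist';
}

function framingPolicy(headers) {
  // Only the enforcing header counts; Content-Security-Policy-Report-Only blocks nothing.
  const lists = headerValues(headers, 'content-security-policy')
    .flatMap(v => v.split(',')).map(frameAncestors).filter(l => l !== null);
  if (lists.length > 0) {
    // frame-ancestors overrides X-Frame-Options; every policy must allow the
    // embedding, so report the strictest class found.
    const rank = ['deny', 'sameorigin', 'allowlist', 'frameable'];
    return lists.map(classifySources).sort((a, b) => rank.indexOf(a) - rank.indexOf(b))[0];
  }
  const xfo = new Set(headerValues(headers, 'x-frame-options')
    .flatMap(v => v.split(',')).map(v => v.trim().toLowerCase()).filter(Boolean));
  if (xfo.size > 1) return 'conflict';        // contradictory values: fix the config
  if (xfo.has('deny')) return 'deny';
  if (xfo.has('sameorigin')) return 'sameorigin';
  return 'frameable';                         // absent, misspelled, or obsolete ALLOW-FROM
}

// Constructed sample responses, not captured from any real site.
console.log(framingPolicy({ 'X-Frame-Options': 'ALLOW-FROM https://partner.example' }));
console.log(framingPolicy({ 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" }));
```

Any result other than `deny`, `sameorigin` or a reviewed `allowlist` on a page that performs a payment or authorization action deserves a closer look.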

Furthermore, it seems that the same vulnerability can be exploited to subscribe to services that accept payments via PayPal. The researcher has posted a video on YouTube showing a proof of concept of the exploit. As noted, PayPal has not yet intervened, and the bug report has not been rewarded as would be expected under the company's bug bounty program.