PayPal

Pierluigi Paganini August 26, 2015
PayPal critical Flaw allows to steal all your funds

The expert Ebrahim Hegazy discovered a critical Stored XSS Vulnerability Paypal Critical Vulnerability to steal Users Credit Cards in ClearText format. The popular security expert Ebrahim Hegazy (@Zigoo0) has discovered a critical Stored XSS Vulnerability in “https://Securepayments.Paypal.com” that could be exploited by attackers to steal Paypal users credit card and login credentials … and more!Paypal SecurePayments domain […]

Pierluigi Paganini April 29, 2015
Hacking PayPal server by exploiting a Remote Code Execution flaw

Security expert discovered a way to hack a PayPal server by exploiting a Remote Code Execution flaw affecting the Java Debug Wire Protocol (JDWP) protocol. Security researcher Milan A Solanki discovered a new critical remote code execution vulnerability in PayPal platform. An attacker could exploit the vulnerability to execute arbitrary code on the PayPal  Marketing online-service […]

Pierluigi Paganini December 03, 2014
Hacking PayPal Account with a single exploit

An Egyptian hacker demonstrated that using a single exploit is possible to take control of any PayPal account due to the presence of a series of flaws . The Egyptian security researcher, Yasser H. Ali has reported three critical vulnerabilities in PayPal website that could be exploited by an attacker to compromise users’ account. The vulnerabilities include a CSRF and an Authentication token […]

Pierluigi Paganini October 11, 2014
Authentication vulnerability in PayPal mobile API allows access to restricted Accounts

An Authentication vulnerability in PayPal mobile API, discovered more than one year ago, allows access to restricted Accounts. Another authentication flaw affects PayPal mobile API, an attacker exploiting it could gain access to Blocked Accounts. The authentication restriction bypass vulnerability, resides in the mobile API authentication procedure of the PayPal online-service, according to Vulnerability Laboratory […]

Pierluigi Paganini August 06, 2014
Security flaw allows to bypass PayPal two-factor authentication

A Security researcher has discovered a new flaw in the two-factor authentication process implemented by PayPal to protect its users. Security researcher Joshua Rogers has discovered a simple way of bypassing the two-factor authentication mechanism implemented by PayPal to protect accounts that are linked to eBay accounts. The flaw resides in the login process when a user is prompted […]

Pierluigi Paganini June 26, 2014
PayPal two-factor authentication for mobile apps is flawed

Security experts at Duo Security have discovered a serious flaw in the implementation of two-factor authentication which allow attackers to bypass it. Two-factor authentication processes if flawed could give to companies a false sense of security even if we are discussing of PayPal. In the past we have explained how to by-pass Two-factor authentication in various ways, for example, using […]

Pierluigi Paganini June 13, 2014
Fraud scheme in PayPal allows anyone to increase balance endlessly

Razvan Cernaianu user described a method by which PayPal users could double their amount of money related to their account endlessly. The expert at Cyber Smart Defence TinKode a.k.a Razvan Cernaianu claimed to have found a loophole in the PayPal service, for the precision in its Chargeback Process, which could be exploited by a bad actor to increase his balance […]

Pierluigi Paganini May 15, 2014
How to hack PayPal Manager and manage your Payflow account

Mark Litchfield, Security expert at Securatary, has published a proof of concept on the way it is possible to hack PayPal Manager Admin Account. Mark Litchfield, security expert at Securatary has published an interesting post on PayPal Manager Admin Account Hijack, let’s remember that PayPal Manager is used to manage user’s Payflow account. The attack method against […]

Pierluigi Paganini February 14, 2014
The Syrian Electronic Army hacked Forbes

The Syrian Electronic Army has hacked Forbes WordPress CMS and has hijacked Twitter accounts belonging to the media agency. Who will be the next one? Forbes is the new victim of the popular group of hackers Syrian Electronic Army (SEA), the popular group pro Syrian President Assad. The hackers took responsibility for a coordinated attack against multiple […]

Pierluigi Paganini February 06, 2014
Syrian Electronic Army hacks into Facebook’s domain

The Syrian Electronic Army claimed Wednesday that it managed to hack into Facebook violating an administrator account of the Facebook’s Domain Registrar. Syrian Electronic Army hit again, 2014 has started with the exploits of the popular group hackers that hit the giants of IT industry. Microsoft, PayPal, Ebay and also the CNN were hacked in the […]