XSS + Open Redirect in PayPal

Hi everyone, I will describe a bug I found. This bug is out of scope. I think that this bug may give you ideas, so I decided to write about it.

URL: https://paypal.me/pages/countries

Normal request and response:



I added a Referer header and I saw it. Payload:
https://nsa.gov

Request and response:

Browser:

If you click a country, you are redirected to nsa.gov (redirect vulnerability).
I tried an XSS payload, but there is a CSP. Payload:
javascript:alert(document.domain);
Request and response:
Browser and CSP:
I thought about using Internet Explorer because of the CSP.

But this payload did not work in IE (syntax error). I found another payload:
javascript:alert(document.domain); https://google.com/
Browser:
I tried with this payload.


Browser:

WORKED!

Video:


But this vulnerability is out of scope so I did not earn money :(
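
A server-side check for the pattern described in this post, a Referer value reflected into the country links, written as an added example that is not from the original post or from PayPal's code. It accepts only https URLs on an allowlisted host and falls back otherwise; the host `shop.example`, the fallback `/`, and the function names are assumptions.

```javascript
// Added example: host, fallback and function names are constructed,
// not taken from the affected site.
const ALLOWED_HOSTS = new Set(["shop.example"]); // assumption: the site's own host
const FALLBACK = "/";                            // assumption: safe default target

// Return a URL that is safe to place in an href attribute, or FALLBACK.
function safeLinkTarget(referer) {
  if (typeof referer !== "string" || referer.length > 2048) return FALLBACK;
  let url;
  try {
    // Parse with the WHATWG URL parser (the algorithm browsers apply to
    // href values) instead of string-matching a prefix. No base URL is
    // given, so relative and scheme-relative values throw here.
    url = new URL(referer);
  } catch {
    return FALLBACK;
  }
  if (url.protocol !== "https:") return FALLBACK;   // rejects javascript:, data:, ...
  if (url.username || url.password) return FALLBACK; // reject embedded credentials
  if (!ALLOWED_HOSTS.has(url.host)) return FALLBACK; // exact host (and port) match
  return url.href; // the parser's serialised form, never the raw header
}

// Escape a value for use inside a double-quoted HTML attribute or text node.
function escapeAttr(s) {
  return String(s)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Build one country link; the Referer never reaches the page unvalidated.
function countryLink(referer, label) {
  return `<a href="${escapeAttr(safeLinkTarget(referer))}">${escapeAttr(label)}</a>`;
}

// The payloads from the post all fall back to "/":
console.log(countryLink("https://nsa.gov", "Turkey"));
console.log(countryLink("javascript:alert(document.domain);", "Turkey"));
console.log(countryLink("https://shop.example/cart?x=1", "Turkey"));
```

The CSP stays in place as a second layer; this check removes the redirect as well, which the CSP does not cover.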


3 comments:

  1. nice catch mate
    Happy Hacking

  2. that's great,
    try using flash + 302 redirection with spoofed referer header
