funsec mailing list archives
Re: PayPal XSS Exploit Available for Two Years?
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 21 Jul 2006 02:56:41 +1200
Fergie wrote:
Chris Marlow tried to warn PayPal about the flaw in June 2004, but claims the PayPal representative he spoke to did not understand what cross-site scripting was, and - due to company policy - was unable to provide an email address to allow a proof-of-concept exploit to be demonstrated.
Further support, were any needed, for the old adage: Pay peanuts? Hire monkeys! Regards, Nick FitzGerald _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- PayPal XSS Exploit Available for Two Years? Fergie (Jul 20)
- Re: PayPal XSS Exploit Available for Two Years? Nick FitzGerald (Jul 20)