funsec mailing list archives

Re: PayPal XSS Exploit Available for Two Years?


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Fri, 21 Jul 2006 02:56:41 +1200

Fergie wrote:

> Chris Marlow tried to warn PayPal about the flaw in June 2004, but
> claims the PayPal representative he spoke to did not understand what
> cross-site scripting was, and - due to company policy - was unable to
> provide an email address to allow a proof-of-concept exploit to be
> demonstrated.

Further support, were any needed, for the old adage:

   Pay peanuts?

   Hire monkeys!


Regards,

Nick FitzGerald

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

