WebApp Sec mailing list archives
Re: PayPal Manager Admin Account Hijack
From: Daniel Kester <dekester () usgs gov>
Date: Thu, 15 May 2014 10:51:06 -0500
Now that I think about it, we should make sure the WAFs are filtering this.

On Wed, May 14, 2014 at 06:48:19PM -0700, Mark Litchfield wrote:

Date: Wed, 14 May 2014 18:48:19 -0700
From: Mark Litchfield <mark () securatary com>
Subject: PayPal Manager Admin Account Hijack
To: webappsec () securityfocus com

Hi All,

I have just released a new vulnerability at http://www.securatary.com/vulnerabilities outlining a hack on http://manager.paypal.com that in the end allowed full admin access.

PayPal were very quick to fix this issue, so nice job PayPal Security / Engineering team

--
All the best
Mark Litchfield
http://www.securatary.com
Twitter - http://twitter.com/securatary

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

---end quoted text---

--
Daniel E. Kester
Center for Integrated Data Analytics
U.S. Geological Survey
dekester () usgs gov | 608-821-3854
OpenPGP: 214E D2F3 4122 4F88 CC0E 2447 C7BA 7124 6FA7 9C1F