Wednesday, August 23, 2017

Vulnerability-Lab persistent XSS found by inj3ct0r

The Inj3ct0r team (http://1337day.com) has contacted us about another vulnerability they found. They located and exploited a persistent XSS in the official site of Vulnerability-Lab, a 1337day lookalike.

This comes after Vulnerability-Lab claimed that they found a persistent web vulnerability in the official PayPal (core) ecommerce website content management system.

The security flaw allows attackers to inject their own malicious code on the site and have it stick (persistent).

The persistent input validation vulnerability is located in the `Adressbuch` module, in the bound search function, and is triggered when script code tags saved as `Adressbuch` contacts are processed. The code is executed from the search result listing web context. Remote exploitation requires low user interaction and a privileged PayPal banking application user account.
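The class of bug described above, a stored contact field rendered unencoded in a search result listing, is shown here next to its output-encoded form. This is an added example, not code from PayPal, Vulnerability-Lab or the original post; the function names and sample contacts are constructed for illustration.

```javascript
// Added illustration: a contact store and its search-result listing.
// All names here (escapeHtml, renderListingSafe, ...) are hypothetical.

// Constructed sample data: one benign contact, one whose name carries markup.
const contacts = [
  { name: "Alice Example", email: "alice@example.test" },
  { name: "<script>alert(1)</script>", email: "bob@example.test" },
];

// Encode the five characters that are significant in HTML text and attributes.
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (ch) => ({
    "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;",
  }[ch]));
}

// Case-insensitive substring search over stored names and e-mail addresses.
function searchContacts(store, term) {
  const t = term.toLowerCase();
  return store.filter((c) =>
    c.name.toLowerCase().includes(t) || c.email.toLowerCase().includes(t));
}

// Vulnerable pattern: stored fields are concatenated straight into markup,
// so whatever was saved as a contact becomes part of the page.
function renderListingUnsafe(results) {
  return "<ul>" + results.map((c) =>
    `<li>${c.name} (${c.email})</li>`).join("") + "</ul>";
}

// Hardened pattern: every stored field is encoded at the point of output,
// regardless of what validation happened when the contact was saved.
function renderListingSafe(results) {
  return "<ul>" + results.map((c) =>
    `<li>${escapeHtml(c.name)} (${escapeHtml(c.email)})</li>`).join("") + "</ul>";
}

// Regression check: does a live <script> tag survive into the listing?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}
```

Encoding at render time is what closes the hole, because it also neutralizes entries that were stored before any input filter existed.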

Inj3ct0r looks to be taking out the competition one by one.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
