Sunday, December 17, 2017

PayPal Authentication Flaw Discovered by @Lew1s_Martin

@Lew1s_Martin has tweeted about a new authentication flaw, a Type 0 (DOM-based) XSS, on PayPal’s loginauth page. You can view the official tweet below:

https://twitter.com/Lew1s_Martin/status/367693928775942144

What is a DOM based XSS?

DOM-based XSS is an XSS attack in which the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client-side script, so that the client-side code runs in an “unexpected” manner. In other words, the page itself (the HTTP response) does not change, but the client-side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment.
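The definition above as a runnable sketch, added here as an illustration and not taken from PayPal's page or from the tweet: one unchanged script receives two URLs, and only the sink it writes to decides whether fragment data is treated as markup. `FakeElement`, the function names and the `example.test` URLs are assumptions made for this example.

```javascript
// Stand-in for a DOM element so this runs under Node without a browser.
// Assumption: it models only that innerHTML parses markup and textContent does not.
const TAG = /(<\/?[a-zA-Z][^>]*>)/;
class FakeElement {
  constructor() { this.nodes = []; }
  set innerHTML(markup) {
    this.nodes = [];
    String(markup).split(TAG).forEach((part, i) => {
      if (i % 2 === 1) {                       // odd indices are captured tags
        if (!part.startsWith("</")) this.nodes.push({ type: "element", value: part });
      } else if (part !== "") {
        this.nodes.push({ type: "text", value: part });
      }
    });
  }
  set textContent(text) { this.nodes = [{ type: "text", value: String(text) }]; }
  get elementCount() { return this.nodes.filter((n) => n.type === "element").length; }
}

// Source: the URL fragment. It is never sent to the server, so the HTTP
// response is the same whatever value it carries.
function nameFromUrl(href) {
  const raw = new URL(href).hash.slice(1);
  try { return decodeURIComponent(raw); } catch { return raw; } // malformed %-escape
}

// Vulnerable pattern (hypothetical page script): URL data reaches a markup sink.
function renderGreetingUnsafe(el, href) {
  el.innerHTML = "Welcome back, " + nameFromUrl(href);
}

// Hardened pattern: the same data written through a text-only sink.
function renderGreetingSafe(el, href) {
  el.textContent = "Welcome back, " + nameFromUrl(href);
}

// Returns how many element nodes the given renderer created from the URL.
function elementsCreated(render, href) {
  const el = new FakeElement();
  render(el, href);
  return el.elementCount;
}

// Constructed sample URLs; .test is a reserved TLD.
const BENIGN = "https://example.test/login#alice";
const CRAFTED = "https://example.test/login#%3Cb%3Einjected%3C%2Fb%3E";
console.log(elementsCreated(renderGreetingUnsafe, BENIGN));  // 0
console.log(elementsCreated(renderGreetingUnsafe, CRAFTED)); // 1
console.log(elementsCreated(renderGreetingSafe, CRAFTED));   // 0
```

In a real browser the same source-to-sink pairing applies: `location.hash` into `innerHTML` is the pattern to look for in review, and `textContent` is the drop-in replacement when no markup is intended.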

 

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing. If you would like to write for the ZeroSecurity team, please use the contact form above.
