URL Redirection Vulnerability On PayPal Developers Website.
Hi, my name is Rui Silva and I’m a security researcher from Portugal with 17 years old. I will explain how I found one url redirection vulnerability on PayPal Sub domain developer.paypal.com !
[#] Title : URL Redirection Vulnerability on PayPal Developers
[#] Status : Unfixed/Duplicate
[#] Severity : Medium
[#] Works on : Chrome Version 41.0.2272.118 m
Steps to reproduce:
First signup on PayPal Website.
After this go to: developer.paypal.com/developer/login?successRedirect=
On sucessRedirect= add http:/google.pt
Now open this url on a tab on chrome browser and click enter.
After click enter signin on your paypal account and you will be redirected to google.pt website.
After found I report this to PayPal Security Team.
One week later they reply me.
And after wait… 1 or 2 hours later they reply me again
Thanks to all for your support!
I hope you enjoyed the article
HOC Team is congratulate to Rui Silva for Found the Bug.