Saturday 11 April 2015

URL Redirection Vulnerability On PayPal Developers Website

Hi, my name is Rui Silva and I’m a 17-year-old security researcher from Portugal. I will explain how I found a URL redirection vulnerability on a PayPal subdomain!

[#] Title           : URL Redirection Vulnerability on PayPal Developers
[#] Status        :  Unfixed/Duplicate
[#] Severity     :  Medium
[#] Works on   :  Chrome Version 41.0.2272.118 m


Steps to reproduce:
First, sign up on the PayPal website.
After this go to:
On sucessRedirect= add http:/

Final URL:

Now open this URL in a tab in the Chrome browser and press Enter.
After pressing Enter, sign in to your PayPal account and you will be redirected to the website.
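
One way a server can validate a post-login redirect parameter like the one in the steps above (an added example, not part of the original post and not PayPal's code). The origins, the fallback path and the function name are hypothetical.

```javascript
// Added example: check a post-login redirect target before sending the 302.
// APP_ORIGIN, ALLOWED_ORIGINS and FALLBACK are hypothetical values.
const APP_ORIGIN = "https://developer.example";
const ALLOWED_ORIGINS = new Set([APP_ORIGIN, "https://www.developer.example"]);
const FALLBACK = APP_ORIGIN + "/dashboard";

function safeRedirectTarget(raw) {
  if (typeof raw !== "string" || raw.length === 0) return FALLBACK;

  // URL parsers silently drop tab, CR and LF, so "/\t/host" style values
  // can look like a path to a naive check. Reject any control character.
  if (/[\u0000-\u001f\u007f]/.test(raw)) return FALLBACK;

  let url;
  try {
    // Resolve against our own origin, the same way a browser resolves a
    // Location header. This also normalizes "//host", "/\host" and
    // single-slash forms such as "http:/host" into a real host.
    url = new URL(raw, APP_ORIGIN);
  } catch {
    return FALLBACK;
  }

  if (url.protocol !== "https:") return FALLBACK;       // no http:, javascript:, data:
  if (url.username || url.password) return FALLBACK;    // "trusted@other-host" trick
  if (!ALLOWED_ORIGINS.has(url.origin)) return FALLBACK; // exact origin match only

  // Return the absolute, normalized URL. Returning only the path would be
  // unsafe: a pathname that starts with "//" is protocol-relative when
  // used in a Location header.
  return url.href;
}
```

The check compares the parsed origin rather than searching the raw string for a trusted domain, and the caller redirects to the returned value, never to the original parameter.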

After finding it, I reported this to the PayPal Security Team.
One week later they replied to me.

PayPal Reply:

And after waiting… 1 or 2 hours later they replied to me again.


Thanks to all for your support!
I hope you enjoyed the article.


The HOC Team congratulates Rui Silva for finding the bug.

