S
sinu
Thread author
A critical security vulnerability has been discovered in the eBay owned global e-commerce business PayPal that could allow attackers to steal your login credentials, and even your credit card details in unencrypted format.
As it sounds, the domain is used to conduct secure online payments when purchasing from any online shopping website. It enables buyers to pay with their payment cards or PayPal accounts, eliminating the need to store sensitive payment information.
However, it is possible for an attacker to set up a rogue online store or hijacked a legitimate shopping website, to trick users into handing over their personal and financial details.
Here's what the researcher calls the worst attack scenario:
As it sounds, the domain is used to conduct secure online payments when purchasing from any online shopping website. It enables buyers to pay with their payment cards or PayPal accounts, eliminating the need to store sensitive payment information.
However, it is possible for an attacker to set up a rogue online store or hijacked a legitimate shopping website, to trick users into handing over their personal and financial details.
Here's what the researcher calls the worst attack scenario:
- An attacker need to set up a rogue shopping site or hijack any legitimate shopping site
- Now modify the "CheckOut" button with a URL designed to exploit the XSS vulnerability
- Whenever Paypal users browse the malformed shopping website, and click on "CheckOut" button to Pay with their Paypal account, they'll be redirected to the Secure Payments page
- The page actually displays a phishing page where the victims are asked to enter their payment card information to complete the purchasing
- Now on clicking the Submit Payment Button, instead of paying the product price (let's say $100), the Paypal user will pay the attacker amount of attacker's choice