The Cyber Security News

PayPal Pays a Hacker $200,000 for Discovering ‘One-Click-Hack’ Vulnerability

May 23, 2022

A security researcher disclosed details of a clickjacking attack demonstrated against PayPal that could be exploited to steal victims’ account balances in a single click.

Clickjacking, also known as UI redressing, refers to a technique in which an unwitting user is tricked into clicking seemingly innocuous webpage elements such as buttons, with the goal of downloading malware, redirecting the user to malicious websites, or disclosing sensitive information.

This is typically achieved by displaying an invisible page or HTML element on top of the visible page, so that users are fooled into thinking they are clicking the legitimate page when they are in fact clicking the rogue element overlaid on it.

“Thus, the attacker is ‘hijacking’ clicks meant for [the legitimate] page and routing them to another page, most likely owned by another application, domain, or both,” security researcher h4x0r_dz wrote in a post documenting the findings.

h4x0r_dz, who discovered the issue on the “www.paypal[.]com/agreements/approve” endpoint, was awarded a $200,000 bounty for discovering and reporting the issue in October 2021.

“This endpoint is designed for Billing Agreements and it should accept only billingAgreementToken,” the researcher explained. “But during my deep testing, I found that we can pass another token type, and this leads to stealing money from [a] victim’s PayPal account.”

This means that an adversary could embed the aforementioned endpoint inside an iframe, causing a victim already logged in to the web browser to transfer funds to an attacker-controlled PayPal account with nothing more than the click of a button.
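The defence against the iframe embedding described here, and against clickjacking in general as outlined above, is for the sensitive endpoint to tell browsers which origins may frame it. The following Python script is an added example, not code from this article or from PayPal: it audits a response's anti-framing headers (`Content-Security-Policy: frame-ancestors`, which modern browsers treat as authoritative, and the older `X-Frame-Options`) and produces a hardened copy. The sample header sets and the `partner.example` origin are constructed for illustration.

```python
"""Audit and harden HTTP response headers against clickjacking.

Added example, not code from the article or from PayPal. Given the headers
a sensitive endpoint returns, decide whether a page on another origin could
load it in an <iframe>, and produce a hardened copy of the headers.
The sample responses at the bottom are constructed, not captured.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class FramingPolicy:
    frameable_by_other_origins: bool   # can some other origin frame this page?
    source: str                        # which header decided the outcome
    allowed_sources: List[str] = field(default_factory=list)


def _find_key(headers: Dict[str, str], name: str) -> str:
    """Header names are case-insensitive; return the key as stored, or `name`."""
    for k in headers:
        if k.lower() == name.lower():
            return k
    return name


def _parse_frame_ancestors(csp: str) -> Optional[List[str]]:
    """Return the source list of the frame-ancestors directive, or None if absent.

    An empty source list behaves like 'none' (CSP3), so it is reported as such.
    """
    for directive in csp.split(";"):
        tokens = directive.strip().split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]] or ["'none'"]
    return None


def evaluate_framing(headers: Dict[str, str]) -> FramingPolicy:
    """Decide whether a response can be framed by an origin other than its own.

    When both headers are present, browsers that understand frame-ancestors
    ignore X-Frame-Options, so the CSP directive is checked first.
    """
    csp = headers.get(_find_key(headers, "Content-Security-Policy"))
    if csp is not None:
        sources = _parse_frame_ancestors(csp)
        if sources is not None:
            # Anything besides 'none' or 'self' ('*', a scheme such as https:,
            # or an explicit partner origin) lets some other origin frame the page.
            open_sources = [s for s in sources if s not in ("'none'", "'self'")]
            return FramingPolicy(
                frameable_by_other_origins=bool(open_sources),
                source="Content-Security-Policy frame-ancestors",
                allowed_sources=[s for s in sources if s != "'none'"],
            )

    xfo = headers.get(_find_key(headers, "X-Frame-Options"))
    if xfo is not None:
        value = xfo.strip().upper()
        if value == "DENY":
            return FramingPolicy(False, "X-Frame-Options", [])
        if value == "SAMEORIGIN":
            return FramingPolicy(False, "X-Frame-Options", ["'self'"])
        # ALLOW-FROM is obsolete and, like any unrecognised value, is ignored
        # by current browsers, which leaves the page frameable.
        return FramingPolicy(True, f"X-Frame-Options ignored ({xfo.strip()})", ["*"])

    return FramingPolicy(True, "no framing header", ["*"])


def harden_headers(headers: Dict[str, str], allowed: str = "'none'") -> Dict[str, str]:
    """Return a copy of `headers` with both anti-framing headers set.

    Existing CSP directives are preserved; any frame-ancestors directive is
    replaced. X-Frame-Options is kept for older clients and mirrors the policy.
    """
    out = dict(headers)
    csp_key = _find_key(out, "Content-Security-Policy")
    directives = [
        d.strip() for d in out.get(csp_key, "").split(";")
        if d.strip() and not d.strip().lower().startswith("frame-ancestors")
    ]
    directives.append(f"frame-ancestors {allowed}")
    out[csp_key] = "; ".join(directives)
    out[_find_key(out, "X-Frame-Options")] = "DENY" if allowed == "'none'" else "SAMEORIGIN"
    return out


# Constructed sample responses for the audit; not real PayPal headers.
SAMPLES: Dict[str, Dict[str, str]] = {
    "unprotected": {"Content-Type": "text/html"},
    "xfo_only": {"X-Frame-Options": "SAMEORIGIN"},
    "csp_open": {"Content-Security-Policy": "default-src 'self'; frame-ancestors *"},
    "csp_overrides_xfo": {"X-Frame-Options": "DENY",
                          "Content-Security-Policy": "frame-ancestors https://partner.example"},
}


def audit(samples: Dict[str, Dict[str, str]] = SAMPLES) -> Dict[str, bool]:
    """Map each sample name to whether another origin could frame it."""
    return {name: evaluate_framing(h).frameable_by_other_origins for name, h in samples.items()}


if __name__ == "__main__":
    for name, verdict in audit().items():
        print(f"{name:20s} frameable by other origins: {verdict}")
    print(harden_headers(SAMPLES["csp_open"]))
```

Run as a script it prints a verdict per sample; the `csp_overrides_xfo` case is the one to notice, since `X-Frame-Options: DENY` there is overridden by a `frame-ancestors` directive that names another origin. Pointing `audit` at the headers a sensitive endpoint actually returns turns it into a quick regression check that a deployment has not silently dropped the protection.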

Even more concerningly, the attack could have had disastrous consequences for online portals that integrate with PayPal for checkouts, enabling the malicious actor to deduct arbitrary amounts from users’ PayPal accounts.

“There are online services that let you add balance using PayPal to your account,” h4x0r_dz said. “I can use the same exploit and force the user to add money to my account, or I can exploit this bug and let the victim create/pay Netflix account for me!”

Some components of this report are sourced from:
thehackernews.com