How to Hack PayPal Accounts to Steal User Private Info

PayPal as you all knows one of the leading companies in today’s online transaction. Recently Nir Goldshlager, founder of Breaksec and Security Researcher reported critical flaws in Paypal Reporting system that allowed him to steal private data of any PayPal account. Exploiting the vulnerabilities he discovered, allowed him to access the financial information of any PayPal user including victim's shipping address, Email addresses, Phone Number, Item name, Item Amount, Full name, Transaction/Invoice ID,  Transaction, Subject, Account ID, Paypal Reference ID and many more.

He found that PayPal is actually using the Actuate Iportal Application (a third party app) to display customer reports, so Nir downloaded the trial version of this app for testing purpose from its official website.

After going deeply through the source code of trial version, Nir located a file named getfolderitems.do that allowed him to access user's data without credentials. For more information see the pictures below-

 
Update- PayPal Security Team has fixed this bug now! Thanks…

Also read- How Hackers can Make Money with PayPal Bug Bounty Programs?

Join me on Google+

Respected Readers :- As a 18 years old student, running the top most blog in today's world is something quite difficult to do or handle as we bring the best things available related to ethical hacking and security tips to our readers every day. To keep us strong with this attitude, a small contribution from your side will highly be appreciated.

 

E njoyed this post very much – So why not you Subscribe to our regular Email Updates ! and stay connected with us forever .  

Kindly Bookmark and Share it with your friends :