I'm seriously wondering how many cross-site scripting flaws are out there since it has happened to Paypal's site, one of the largest Money Transfer Provider on the internet. I even use it on a monthly basis and its scares me to think that one day I might log into find a Zero balance. Paypal better buck on things and its good they are quite fast in patching things up. Read more on Cross-site scripting Flaws here.
PayPal has received more than 20 awards for technical excellence from the Internet industry and the business community at large, most recently the 2005 Webby People’s Voice Award for the Best Financial Services Site and the Electronic Payments International Award for Best Non-Card Payment Product 2005.
"As soon as we became aware of this scheme, we changed some of the code on the PayPal Web site. So this scheme, or any scheme like it, can no longer be effective," Amanda Pires, a PayPal spokeswoman, said in an interview.
A security flaw within the PayPal Web site is posing a serious threat to its users, security firm Netcraft said Friday. The credit card numbers and personal information of those duped by attackers is at risk through a cross-site scripting attack. A fraudster tricks the user into divulging information by asking them to visit an actual PayPal URL. Since this is hosted by the company, it would appear as if information is encrypted through the company's own SSL certificates. However, through cross-site scripting, some of the information on the accessed page has been modified.
A security flaw within the PayPal Web site is posing a serious threat to its users, security firm Netcraft said Friday. The credit card numbers and personal information of those duped by attackers is at risk through a cross-site scripting attack. A fraudster tricks the user into divulging information by asking them to visit an actual PayPal URL. Since this is hosted by the company, it would appear as if information is encrypted through the company's own SSL certificates. However, through cross-site scripting, some of the information on the accessed page has been modified.
Dangerous Cross-site scripting Flaw in Paypal source
Comment Preview