david wong

Hey! I'm David, a security engineer at the Blockchain team of Facebook, previously a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

Hacking PayPal Accounts with one click posted December 2014

An interesting 0day on PayPal was disclosed by Yasser Ali.

We have found out that an Attacker can obtain the CSRF Auth which can be valid for ALL users, by intercepting the POST request from a page that provides an Auth Token before the Logging-in process, check this page for the magical CSRF Auth “https://www.paypal.com/eg/cgi-bin/webscr?cmd=_send-money”. At this point the attacker can CSRF “almost” any request on behalf of this user.


A CSRF (Cross-Site Request Forgery) attack happens when you can send a link to someone (or embed it in an iframe on your website) and it makes the user do something on a particular website (like PayPal) that he didn't intend to do. Or, as the name of the attack says, it makes him send a request you forged from outside the website. A CSRF token is used to prevent this attack. It's usually a random value that is sent along with the request and verified server-side. This value is difficult to predict, so you usually can't forge it along with the request. That only holds if the token is tied to the user it was issued to; here, per the report quoted above, a token obtained before logging in could be valid for all users.
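The difference between a token that is "valid for ALL users" and one tied to a single session, as an added example (not PayPal's code and not from the original post). The HMAC token format, `SERVER_KEY`, the session ids and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # constructed per-process signing key


def _mac(message: str) -> bytes:
    return hmac.new(SERVER_KEY, message.encode(), hashlib.sha256).hexdigest().encode()


def issue_unbound_token() -> str:
    """Weak form: a signed random value that is not tied to any session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(nonce).decode()}"


def verify_unbound_token(token: str) -> bool:
    """Accepts any token the server ever issued, whoever it was issued to."""
    nonce, _, mac = token.partition(".")
    return hmac.compare_digest(mac.encode(), _mac(nonce))


def issue_bound_token(session_id: str) -> str:
    """Hardened form: the MAC covers the session id, so the token is per-session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(f'{session_id}:{nonce}').decode()}"


def verify_bound_token(session_id: str, token: str) -> bool:
    """Recomputes the MAC with the *requesting* session's id before comparing."""
    nonce, _, mac = token.partition(".")
    return hmac.compare_digest(mac.encode(), _mac(f"{session_id}:{nonce}"))


def demo() -> dict:
    # Constructed session ids (assumed to be server-generated and colon-free).
    pre_login, victim = secrets.token_hex(8), secrets.token_hex(8)
    weak = issue_unbound_token()            # handed out on a pre-login page
    strong = issue_bound_token(pre_login)   # same page, bound to that session
    return {
        "weak_token_accepted_for_victim": verify_unbound_token(weak),
        "bound_token_accepted_for_owner": verify_bound_token(pre_login, strong),
        "bound_token_accepted_for_victim": verify_bound_token(victim, strong),
    }


if __name__ == "__main__":
    print(demo())
```
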



Hack my sister's wifi, she's a hoe


I mean PayPal


Hi, I need a PayPal account!



Wang Fei

I be Wang Fei


Hello I wanted to know how I could load money in my account


Can I get one


Can I have some money plz lol :p


Can I have an account???

Temitope Michael

Please, how can I contact Yasser Ali? Please reply to me through my mail [email protected]


Hi, I would like a PayPal account.


I need $50




Need help Hack a scammer




I need a paypal account please email me [email protected]