david wong

Hey! I'm David, a security engineer at the Blockchain team of Facebook, previously a security consultant for the Cryptography Services of NCC Group. This is my blog about cryptography and security and other related topics that I find interesting.

Hacking PayPal Accounts with one click

posted December 2014

An interesting 0day on PayPal was disclosed by Yasser Ali.

We have found out that an Attacker can obtain the CSRF Auth which can be valid for ALL users, by intercepting the POST request from a page that provides an Auth Token before the Logging-in process, check this page for the magical CSRF Auth “https://www.paypal.com/eg/cgi-bin/webscr?cmd=_send-money”. At this point the attacker can CSRF “almost” any request on behalf of this user.

source

A CSRF (Cross-Site Request Forgery) attack happens when you can send a link to someone (or embed it into an iframe on your website) and it makes the user do something on a particular website (like PayPal) that he didn't intend to do. Or, as the name of the attack says, it makes him send a request you forged from outside the website. A CSRF token is used to prevent this attack. It's usually a random value that is sent along with the request and verified server-side. This value is difficult to predict, and thus you usually can't forge it along with the request.
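An added example (not from the original post, and not PayPal's code) of the property the quoted report turns on: a check that only asks "did this server issue the token?" next to one that binds the token to the session it was issued for. The key handling, function names and session ids are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumed per-deployment secret


def _mac(data: str) -> str:
    return hmac.new(SERVER_KEY, data.encode(), hashlib.sha256).hexdigest()


def issue_unbound_token() -> str:
    """Weak variant: the MAC covers only the nonce, so the token names no session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(nonce)}"


def verify_unbound(token: str) -> bool:
    """Weak check: accepts any token this server ever issued, for any user."""
    nonce, _, mac = token.partition(".")
    return hmac.compare_digest(mac, _mac(nonce))


def issue_token(session_id: str) -> str:
    """Hardened variant: the MAC covers the session id as well as the nonce."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id + '|' + nonce)}"


def verify_bound(session_id: str, token: str) -> bool:
    """Hardened check: the token must have been issued for this exact session."""
    nonce, _, mac = token.partition(".")
    return hmac.compare_digest(mac, _mac(session_id + "|" + nonce))


def demo() -> dict:
    # Constructed session ids: one pre-login (anonymous), one logged-in user.
    anon, user = "anon-session-1", "user-session-42"
    return {
        # A token handed out before login still passes the weak check.
        "unbound_token_accepted": verify_unbound(issue_unbound_token()),
        # A token issued to the anonymous session fails for the user's session.
        "anon_token_accepted_for_user": verify_bound(user, issue_token(anon)),
        # The user's own token passes.
        "own_token_accepted": verify_bound(user, issue_token(user)),
    }


if __name__ == "__main__":
    print(demo())
```

Binding only helps if the session id itself changes at login, so a token issued to the pre-login session cannot carry over to the authenticated one.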


Zita

Hack my sister's wifi, she's a hoe

zITA

I mean PayPal

Alex

Hi, I need a PayPal account!

Alex

Help!

Wang Fei

I be Wang Fei

Oacar

Hello I wanted to know how I could load money in my account

Nelson

Can I get one

Joe

can i have some money plz lol :p

Josh

can i have an account???

Temitope Michael

Please, how can I contact Yasser Ali? Please reply to me through my mail [email protected]

James

Hi, I would like a PayPal account.

Jad

I need $50
