Friday, April 17, 2015

XSS Bug on

Hello Leets,

Today i am writing about my finding on

That's a XSS ( Cross Site Scripting )......

The Story began at the 31st December 2014 when all people's are enjoying the new year celebration and i was engaged in finding security bugs...

Then i was try to hunting a paypal site...

After lots of try i found a pattern to inject my code to execute the XSS bug..

So the Vulnerable perameter is   
q = 

Vulnerable link:


Video Demo:

The bug is fixed Now and paypal pays me a bounty of  750$...

Thanks Paypal team....


Morris David said...

such a fantastic posting! thanks a lot for nice article.
download software free | ummy video downloader portable

Post a Comment