
Hacking Paypal’s Payment portal using JavaScript – Critical Vulnerability found!


Last time we saw how you could easily bypass Facebook’s security question. This time you are going to learn how to bypass PayPal’s payment portal using a piece of JavaScript and get all the products for free. It looks like every single thing online has a secret black hole.


PayPal allows payments and money transfers to be made over the Internet. It also performs payment processing for online vendors. Normally, when you pay a website using PayPal’s “Pay Now” button, you are redirected to a secret download page as soon as the payment is made, and that page holds the download links for the product. This download page is secret, but anyone who knows its URL can access it. The hack works only for this type of download page, i.e. for websites using PayPal’s “Pay Now” button.
Websites that use the PayPal portal for payment in this way are vulnerable and can be exploited with simple JavaScript. The script reads the value of the form field named ‘return’ on the buy page and sends the browser to it, which bypasses the payment page and redirects the user to the download page. Below is the piece of code:

javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);


-How do I use this code?

Example Website : Magic Tricks Collection
First, make sure you are using a JavaScript-enabled browser, preferably Mozilla Firefox.
Next, go to the respective download or ‘buy now’ page of the website, copy-paste the above JavaScript into the address bar and hit Enter. Voilà, you are now being redirected to the download page!
To make it simple, just create a bookmark of this JavaScript. To do so, drag and drop this bookmarklet >> Paypal-Hack onto the bookmarks area of Mozilla Firefox. Now every time you find a website using such a PayPal “Buy Now” button, just hit this bookmarklet.

-How do I find more websites?


You can easily find more infected websites by using a Google dork: “this order button requires a javascript enabled browser”
i.e. go to Google and search for “this order button requires a javascript enabled browser”, and you will get all the websites that are using this outdated button.
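
The weakness described above is that the download URL is the only gate, and it can be read from the buy page before any payment is made. As an added example (not code from the original post or from PayPal), the Node.js code below has the merchant's server hand out a short-lived, HMAC-signed download token only for orders it has recorded as paid; `markPaid`, `issueToken`, `verifyToken`, the in-memory order set and the order ids are assumptions made for illustration.

```javascript
// Added example (not from the original post): gate the download on a
// server-side payment record instead of a URL that is secret only by name.
const crypto = require('node:crypto');

// Assumption: a per-deployment secret that never leaves the server.
const SECRET = crypto.randomBytes(32);
// Constructed stand-in for the merchant's order database.
const paidOrders = new Set();

// Hypothetical hook: call only after the backend has confirmed the payment
// with the processor server-to-server, never on a request from the browser.
function markPaid(orderId) { paidOrders.add(orderId); }

// MAC over the order id and expiry (assumes order ids contain no '.').
function sign(orderId, expires) {
  return crypto.createHmac('sha256', SECRET)
    .update(`${orderId}.${expires}`).digest('hex');
}

// Issue a short-lived token bound to one paid order; null if unpaid.
function issueToken(orderId, now = Date.now(), ttlMs = 15 * 60 * 1000) {
  if (!paidOrders.has(orderId)) return null;
  const expires = now + ttlMs;
  return `${orderId}.${expires}.${sign(orderId, expires)}`;
}

// Check a token presented to the download endpoint.
function verifyToken(token, now = Date.now()) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return false;
  const [orderId, expiresStr, mac] = parts;
  const expires = Number(expiresStr);
  if (!Number.isSafeInteger(expires) || expires < now) return false;
  const expected = Buffer.from(sign(orderId, expires), 'hex');
  const given = Buffer.from(mac, 'hex');
  if (given.length !== expected.length) return false;
  // Constant-time compare, then re-check that the order is still paid.
  return crypto.timingSafeEqual(given, expected) && paidOrders.has(orderId);
}
```

With this in place, the `return` value in the buy form can point at a plain thank-you page, because knowing a URL no longer grants the download.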

