Topics
Tags
Favorite Links
Translate
Pick Your Language
Security Books
Archives
Recent entries...
Twitter
Sponsored Ads
Popular Pages
Sponsored Ads
The Web Security Mailing List

« Ajax Storage: A Look at Flash Cookies and Internet Explorer Persistance | Main | The Worry-Warts Guide to Web Application Security »

Cross Site Scripting Flaw Exploited in Paypal

"The scam works quite convincingly, by tricking users into accessing a URL hosted on the genuine PayPal web site. The URL uses SSL to encrypt information transmitted to and from the site, and a valid 256-bit SSL certificate is presented to confirm that the site does indeed belong to PayPal; however, some of the content on the page has been modified by the fraudsters via a cross-site scripting technique (XSS)."

Article Link: http://news.netcraft.com/archives/2006/06/16/paypal_security_flaw_allows_identity_theft.html

Posted by Robert A. on 06/16/2006 in Incidents , XSS | Permalink | Reddit

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!


Post a comment







Remember personal info?


Copyright 2000-2009 CGISecurity.com | Privacy Policy| java mailing list| resolve ip| Mailing Lists | Sony deals