Though, I haven't tested the new login function yet but you guys should go for it and see if you can find something else :) In the fix, they've separated the logins for both. The problem caused because the PayPal Community site login was linked with the original login. I made a video then (Chill! I'll public it) and in which I showed them that after this bypass, an attacker can send money, receive money, withdraw money, edit account settings, I mean just can do everything. They claimed that when a person does this, our "INTERNAL SECURITY SYSTEM" prevents the user from doing further actions but they were wrong. I reported it to PayPal and then they fixed it after like month or two. Seem pretty easy right? Yes, it is pretty easy to bypass. After logging-in to the PayPal Community site, click on PayPal Home link at the top which redirects to main site and BOOOOOMMMMMM!!!. Then click on the Login button there (Located at the top) and enter your correct PayPal login. Login to PayPal, when it asks to verify the account ownership so just leave it as it is and open in another tab. Reproduction: So now suppose you don't have access to that phone number entered there so let's do the bypass! (It's easy af). PayPal account ownership verification page Then PayPal sends a verification code and when the user enters the correct verification code there on that page, the login then gets completely successful and then the user is able to perform further actions like account overview, send money, receive money, account settings etc. So the user will have to select a phone number, choose if the user wants to receive verification code via SMS or Call. (The Phone Numbers that are in account appears there so you can choose and PayPal will send code via SMS/Call). The user then gets stuck at a page after logging in where the PayPal asks the user to verify account via SMS or Call. then the PayPal asks the user to verify his/her account ownership. So the bug is that when someone logs-in to his/her PayPal account, due to some cases i.e Login from unusual location, entering wrong password first and then entering correct password etc. I guess its Reproduction is the "Smallest Bug Reproduction Ever". I will have to go back to using my bank card since Paypal wants to mess this up as much as possible and make me waste a few hours trying to pay for an order.So this a very simple bug that I found in PayPal back then in January 2015. What happened to Paypal? It was an intelligent company but now it must have high school dropouts in charge who are **bleep** up everything up as much as possible. It knows I am in Mexico and sends me to a Spanish site and I DO NOT SPEAK SPANISH.ĭo they really think everyone in a country speaks the same language? Do we not have a choice of languages?There are over 500,000 English speakers living full time in Mexico and most of us do not speak Spanish. Great isn't it? It won't let me enter a Mexican cell phone number because I guess extra spaces for numbers cost too much. Then the solution tells me to go to the Paypal Facebook site and it is in Spanish. I am in Mexico and there are not enough spaces to enter the country code or a cell phone code. Paypal asked for my phone number to send a text so I can log in.
0 Comments
Leave a Reply. |