[WEB SECURITY] PayPal users being exploited by XSS Phishing Scam

Jeremiah Grossman jeremiah at whitehatsec.com
Fri Jun 16 11:35:00 EDT 2006

PayPal Security Flaw allows Identity Theft

"The scam works quite convincingly, by tricking users into accessing
a URL hosted on the genuine PayPal web site. The URL uses SSL to
encrypt information transmitted to and from the site, and a valid
256-bit SSL certificate is presented to confirm that the site does
indeed belong to PayPal; however, some of the content on the page has
been modified by the fraudsters via a cross-site scripting technique (XSS)."

The Web Security Mailing List
