[WEB SECURITY] PayPal users being exploited by XSS Phishing Scam

Jeremiah Grossman jeremiah at whitehatsec.com
Fri Jun 16 11:35:00 EDT 2006


PayPal Security Flaw allows Identity Theft
http://news.netcraft.com/archives/2006/06/16/ 
paypal_security_flaw_allows_identity_theft.html

"The scam works quite convincingly, by tricking users into accessing  
a URL hosted on the genuine PayPal web site. The URL uses SSL to  
encrypt information transmitted to and from the site, and a valid 256- 
bit SSL certificate is presented to confirm that the site does indeed  
belong to PayPal; however, some of the content on the page has been  
modified by the fraudsters via a cross-site scripting technique (XSS)."


----------------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list