PayPal exposes security loopholes, account funds can easily double in a few steps

Author: qxz_xp Published: 2014-06-13 10:48 Classification: Industry News , Hacker attack and defense   No comment  

  one hundred and five million six hundred and forty-three thousand six hundred and forty-seven

News on June 13, well-known hacker Razvan Cernaianu said on Thursday that finding a security vulnerability in PayPal's account could easily double the user's funds.

Sennenu said that the key to doubling the funds is to transfer the account funds to another account before applying for refund. Specifically, hacker Three PayPal accounts, one legitimate buyer account, one one-time seller account, and a third account are required. The last two accounts need to be bundled with virtual credit cards.

Sennenu said: "Transfer the funds to the second account for the reason of buying a mobile phone. Then transfer the funds from the second account to the third account for the reason of 'gift giving'. After 24 hours, apply for a refund for the reason of not receiving the mobile phone on time."

"Because the second account is a virtual account, Paypal cannot withdraw funds from it. Therefore, after the refund, the user has $500 in his first legitimate PayPal account and $500 in his third account. "

Sennenu said that he had loophole Notify PayPal, and PayPal also acknowledged that loophole PayPal said: "This situation may appear in our system, but repeated fraud has been blocked." But PayPal did not explain how to solve one-time fraud.

Sennenu has invaded the computer network of the Pentagon, NASA and the Royal Navy, and was claimed 120000 dollars. (Tan Ran)

Original article reprint please specify: reprint from Seven Travelers Blog

Fixed link of this article: https://www.qxzxp.com/4895.html

QQ Zone WeChat Tencent Weibo Sina Weibo My Sohu Renren Tianya Community Baidu Post Bar more
Previous
Next

You may also be interested in these articles!

  1. Low cost production of penetration artifact based on OpenWRT (1)
  2. WeChat exposes remote arbitrary code execution vulnerability, which can be controlled remotely (1)
  3. Burpsuite 1.7.03 The latest cracked version of the penetration artifact (5)
  4. Polar bear scanner 3.5 adds super search, and cloud platform supports online installation (7)
  5. The world's largest free web hosting company 000Webhost intrudes 13.5 million (4)
  6. AirDrop vulnerability millions of Apple devices can be silently installed with malicious applications (2)
  7. Use the search engine to grab PHP scripts in batch (1)
  8. Penetrating artifact Burpsuite Pro v1.6.24 cracked version download (1)
  9. Technical Disclosure "QQ Space" Automatically Forwards Bad Information (2)
  10. The Chinese Valentine's Day arrived, and the extramarital affairs website data was finally released (5)
  11. Hacking Team RCSAndroid Trojans (1)
  12. Hackers invade the website AshleyMadison, which is sensitive to 37 million users
  13. Vietnamese post-80s hackers were sentenced for stealing 200 million American information (1)
  14. Attack test on WiFi of three British politicians (1)
  15. The second Flash 0day vulnerability appears in Hacking Team data
  16. Hacking Team, a professional hacker company, was hacked of 400GB internal data (2)

PayPal exposes security loopholes, and the account funds can easily double in a few steps: waiting for you to sit on the sofa!

Comment

4 + 6 =

Shortcut key: Ctrl+Enter