How to Hack PayPal Account

In the proof-of-concept (POC) video, Mr. Yasser successfully bypasses PayPal's security and generates exploit code for targeted attacks.

1- Reusable CSRF Token:
The CSRF token, which authenticates every single request made by the user and can be found in the request body of every request under the parameter name "Auth", changes with every request the user makes, as a security measure. After a deep investigation, however, I found that the CSRF Auth token is reusable for that specific user's email address or username. This means that if an attacker obtains any one of these CSRF tokens, he can then perform actions on behalf of any logged-in user.

Hmm, it seems interesting, but it is still not exploitable, as there is no way for an attacker to get the "Auth" value from a victim's session.

2- Bypassing the CSRF Auth System:
The CSRF Auth token verifies every single request of that user. So what if an attacker who is not logged in tries to make a "send money" request? PayPal will ask the attacker to provide an email and password. The attacker provides the victim's email address and ANY password, then captures the request: it contains a valid CSRF Auth token, which is reusable and can authorise requests for that specific user. Upon further investigation, we found that an attacker can obtain a CSRF Auth token valid for ALL users by intercepting the POST request from a page that provides an Auth token before the login process; see this page for the magical CSRF Auth: "https://www.paypal.com/eg/cgi-bin/webscr?cmd=_send-money". At this point the attacker can CSRF "almost" any request on behalf of this user.



The application generates a valid “Auth” token for a logged-out user!
Through examination of the password change process, he found that an attacker can NOT change the victim's password without answering the security questions set by the user; likewise, the user himself can NOT change the security questions without entering the password!

3- ByPassing the Security Questions Change:


The initial process of "setting" security questions is not password-protected and is reusable
After further investigation, he noticed that the request for setting up the security questions, which is initiated by the user while signing up, is not password-protected and can be reused to reset the security questions without providing the password. Hence, armed with the CSRF Auth token, an attacker can CSRF this process too and change the victim's security questions.

At this point, an attacker can conduct a targeted CSRF attack against a PayPal user and take full control of the account. Hence, an attacker can CSRF all requests, including but not limited to:

1- Add/Remove/Confirm email address
2- Add fully privileged users to a business account
3- Change security questions
4- Change billing/shipping address
5- Change payment methods
6- Change user settings (notifications/mobile settings) ... and more.

To automate the whole process, Yasser coded an interactive Python server to demonstrate how an attacker could exploit this vulnerability in a real-life attack scenario.
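The three findings above share one root cause: the token was not bound to an authenticated session, and a sensitive change did not require the password. The following is an added example, not PayPal's code or Yasser's server, that models the flawed scheme beside a session-bound one; the user store, server key and function names are all hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # constructed server secret, hypothetical

# --- flawed scheme, modelled on the behaviour the write-up describes ---------
def weak_auth_token(email: str) -> str:
    """Token derived only from the account identifier: identical for every
    request, and issued to anyone who submits that email, password or not."""
    return hmac.new(SERVER_KEY, email.lower().encode(), hashlib.sha256).hexdigest()

def weak_verify(email: str, token: str) -> bool:
    return hmac.compare_digest(weak_auth_token(email), token)

# --- hardened scheme: token bound to an authenticated session ----------------
USERS = {"victim@example.com": "correct horse"}   # constructed test account

class Session:
    def __init__(self, email: str):
        self.email = email
        self.session_id = secrets.token_hex(16)   # random per login

    def csrf_token(self) -> str:
        # Keyed over the random session id, so a token from one session
        # (or from a logged-out page) never validates in another.
        return hmac.new(SERVER_KEY, self.session_id.encode(), hashlib.sha256).hexdigest()

    def verify(self, token: str) -> bool:
        return hmac.compare_digest(self.csrf_token(), token)

    def change_security_questions(self, token: str, password: str) -> bool:
        # A sensitive change needs BOTH the session-bound token and the password,
        # closing the unauthenticated "set questions" request described above.
        return self.verify(token) and hmac.compare_digest(
            USERS.get(self.email, ""), password)

def login(email: str, password: str):
    """Only a successful password check yields a session, and hence a token."""
    if hmac.compare_digest(USERS.get(email, ""), password):
        return Session(email)
    return None
```

In the weak scheme, knowing only the victim's email is enough to produce a token that verifies; in the hardened one, no token exists until the password is checked, and a token from any other session fails.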
