Friday, 21 March 2014

How Hackers Hacked PayPal a Few Days Ago

If you know something about JavaScript, jQuery and HTML, you can understand this easily.

Don't try it on PayPal; try it on another site, use your jQuery knowledge and see what happens...

This is all because of Rafay Baloch, an independent security researcher, Internet marketer, entrepreneur and SEO consultant. Rafay became famous after finding a Remote Code Execution bug in PayPal, for which PayPal awarded him a sum of $10,000 and also offered him a job as a security ninja. The story was published in several newspapers such as Tribune and Brecorder, and in other Internet security magazines.

Here is an Example:

Here is an attack that hackers are using widely these days.

A Vulnerable Example from W3Schools

The worst part about DOM-based XSS, apart from its complexity, is that many learning references and guides teach developers to code things in an insecure way, i.e. in a way that introduces vulnerabilities automatically. The following screenshot is taken from the jQuery learning section of w3schools. The website needs no introduction; it is one of the most commonly referenced sites for beginners learning various programming languages.
The code uses jQuery's html() function to output HTML. The problem is that html() is not a safe jQuery function; it is listed as a dangerous sink in the DOM Based XSS Wiki. Wherever user-controlled input is written through the html() sink without sanitization, the result is DOM-based XSS. jQuery's html() is the equivalent of innerHTML in plain JavaScript. The fundamental problem is that developers are not advised to use a safe function. Therefore, in my opinion, w3schools should be renamed w3fools.
How they do it: 
Here is a subdomain of PayPal that is used in the attack: *80
The above shows an output of 460*80, but let's see what happens when we change it to the following code.
Here is the code to put into that URL: <svg/onload=prompt(1)>.
The code becomes <svg/onload=prompt(1)>
When we go to this page it shows a dialog box. That is the DOM-based XSS attack; we do it, and hackers do it the same way.
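To show what the html() sink discussed above does with the payload from this walkthrough, and what the safe alternative looks like, here is an added example that is not part of the original post or of PayPal's code. It simulates the two jQuery patterns as plain string rendering so it runs in Node without a browser; the parameter name "size" and the query string are constructed assumptions.

```javascript
// Added example: jQuery html() sink vs text() sink, simulated outside a browser.
// The query string and the parameter name "size" are constructed for illustration.

// Escape the characters that let text break out of a text context into markup.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Read one parameter from a query string (stand-in for window.location.search).
function getParam(search, name) {
  const params = new URLSearchParams(search); // a leading "?" is ignored
  return params.get(name) || "";
}

// Vulnerable pattern: $("#out").html(userInput). In a browser this string is
// parsed as markup, so any element with an event handler in it would run.
function renderWithHtmlSink(userInput) {
  return '<div id="out">' + userInput + "</div>";
}

// Safe pattern: $("#out").text(userInput), which creates a text node instead of
// parsing markup. The string-level equivalent is escaping before concatenation.
function renderWithTextSink(userInput) {
  return '<div id="out">' + escapeHtml(userInput) + "</div>";
}

// Reproduce the post's scenario: the payload arrives in a URL parameter.
const constructedSearch = "?size=<svg/onload=prompt(1)>";
const input = getParam(constructedSearch, "size");
console.log("html() sink:", renderWithHtmlSink(input)); // tag survives intact
console.log("text() sink:", renderWithTextSink(input)); // tag becomes inert text
```

The first line printed contains a live <svg> element, the second contains only escaped text that a browser would display literally.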