An Egyptian hacker demonstrated that a single exploit makes it possible to take control of any PayPal account, due to the presence of a series of flaws.
The Egyptian security researcher Yasser H. Ali has reported three critical vulnerabilities in the PayPal website that could be exploited by an attacker to compromise users’ accounts. The vulnerabilities include a CSRF flaw, an authentication token bypass, and a flaw in resetting the security question. It is not the first time that Yasser has discovered similar account-takeover bugs: he previously found a series of vulnerabilities in the eBay website that allowed him to hijack any eBay account in just 1 minute.
“I found out that the CSRF Auth is reusable for that specific user email address or username, this means if an attacker found any of these CSRF tokens, he can then make actions on behalf of any logged in user.” Yasser explained to The Hacker News.
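The following is an added illustration, not PayPal's code and not from the original article: it models the kind of token reuse the quote describes (a token that stays valid for an account) next to a validator that binds each anti-CSRF token to one session, expires it, and accepts it only once. All function names, the demo key, and the 900-second lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)  # constructed secret for this demo
TOKEN_TTL = 900                       # assumed token lifetime in seconds

# Weak pattern: one token per account, never rotated or tied to a session.
_weak_tokens = {}

def weak_issue(account):
    return _weak_tokens.setdefault(account, secrets.token_hex(16))

def weak_verify(token, account):
    known = _weak_tokens.get(account)
    if not known:
        return False
    return hmac.compare_digest(known.encode(), token.encode())

# Hardened pattern: token is MACed over the session id, expires, single use.
# Session ids are assumed to be server-generated and free of "|".
_spent_nonces = set()

def _mac(session_id, expiry, nonce):
    msg = f"{session_id}|{expiry}|{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_token(session_id, now=None):
    expiry = int((time.time() if now is None else now) + TOKEN_TTL)
    nonce = secrets.token_hex(16)
    return f"{expiry}.{nonce}.{_mac(session_id, expiry, nonce)}"

def verify_token(token, session_id, now=None):
    now = time.time() if now is None else now
    try:
        expiry_s, nonce, mac = token.split(".")
        expiry = int(expiry_s)
    except ValueError:
        return False                  # malformed token
    expected = _mac(session_id, expiry, nonce)
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return False                  # forged, or minted for another session
    if now > expiry or nonce in _spent_nonces:
        return False                  # expired or already used
    _spent_nonces.add(nonce)
    return True
```

In a multi-process deployment the spent-nonce set would need to live in shared storage with entries expiring alongside the tokens.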