PayPal Flaw Allowed Hackers to Deliver Malicious Images

A recently discovered security vulnerability in PayPal could accept allowed hackers to insert malicious images into payment pages. PayPal has now fixed the exploit.

Not everything hosted on legit sites is malware-complimentary, PayPal exploit confirms

Security researcher Aditya Yard Sood discovered that hackers could play with the value of a parameter in the URL of the PayPal payment pages. Criminal hackers could replace this parameter value with a URL pointing to an prototype hosted on a remote server, serving malware. In the by, we accept reported on several exploits that hackers use to hide malware in images. PayPal's vulnerability could have allowed hackers to utilise a vendor'south payment page to deliver these malicious images. Since the epitome and the links are placed in the payment pages of PayPal, with the URL hosted on paypal.com, there was an increased probablity that the victims would fall for this trap, unwittingly opening the malicious links.

Sood said that this is an "insecure design as PayPal allows remote users to inject images owned by them into the PayPal components used for transactions by the customers." "That being said, the question is - can you deliver malware or an exploit through images? The reply is yes. Exploit techniques such as Stegosploit tin be used to reach that," Sood toldSecurityWeek. He demonstrated the flaw by displaying an arbitrary epitome - which could of course be besides used to deliver a piece of malware - on a vendor's payment page.

Security researcher reported this vulnerability to PayPal in Jan, notwithstanding, the company has only now patched this exploit. At first, it told Sood that the assault scenario was unlikely to happen since there are easier ways to deliver malware. PayPal also said that it actively scans for malicious content hosted on the site, but Sood insists that this is a high take a chance vulnerability. The payment processor then decided to patch the flaw and awarded Sood $ane,000 in issues bounty.

Source: https://wccftech.com/paypal-hackers-deliver-malicious-images/

Posted by: shooptandinque.blogspot.com

Share this post