
Paypal Mobile Verification And Payment Restrictions Bypass


In this post, I would like to share a very simple logic flaw I found earlier this year. I have found a way to circumvent mobile verification by using a different portal to log into a PayPal account. The flaw lies in the fact that PayPal does not perform two-step verification/authorization checks on all the different portals that are used to log into a PayPal account. Ideally, there should be a centralized authentication mechanism to authenticate the user, or else additional authorization checks have to be applied to all the different portals that are used to log into a PayPal account.

In this case, we could use the mobile activation page to log into the PayPal account without having to use a mobile phone.

https://www.paypal.com/us/cgi-bin/?cmd=_mobile-activate-outside


Demonstration



Unfortunately, the bug was marked as a duplicate, so it was not eligible for a bounty; however, that really doesn't matter, as the fun and the learning are more important. There are still other ways to circumvent mobile verification; however, I did not wish to report them.

Bypassing Payment Restrictions

After you have bypassed the verification, PayPal might restrict you from transferring funds to another account. However, there is a simple way of bypassing that as well: all you have to do is create a donation button or any other payment button from PayPal and use that directly to transfer money. PayPal does not enforce any restriction on it.

Example

https://www.paypal.com/id/cgi-bin/webscr?cmd=_flow&SESSION=OvGwImW-aZGi7_Jf-oBOYlXFljX6KfnUMxeUoxyow7Woq8ZZYb7SihFpKQy&dispatch=50a222a57771920b6a3d7b606239e4d529b525e0b7e69bf0224adecfb0124e9b61f737ba21b08198d1a93361f052308ac20c1249d8113f4c
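The centralized check argued for above, as an added example (not code from this post or from PayPal): every login portal and every payment channel is probed with an account that should be refused, and any entry point that serves the request anyway is reported. The account model and all names (`central_login`, `central_transfer`, `legacy_portal_login`, `button_checkout`, `audit`) are hypothetical.

```python
from dataclasses import dataclass

class Denied(Exception): pass  # the central policy refused the request

@dataclass
class Account:  # constructed model for this example
    password: str
    verification_pending: bool = False
    transfers_restricted: bool = False

def central_login(acct, password, second_step_passed=False):
    """The one place a session is issued, whichever portal is used."""
    if password != acct.password:
        raise Denied("bad credentials")
    if acct.verification_pending and not second_step_passed:
        raise Denied("second step required")
    return {"account": acct}

def central_transfer(session, amount):
    """The one place a transfer is approved, whichever channel is used."""
    if session["account"].transfers_restricted:
        raise Denied("account restricted")
    return amount

def legacy_portal_login(acct, password, second_step_passed=False):
    # Hypothetical portal: own password check, no second step.
    if password != acct.password:
        raise Denied("bad credentials")
    return {"account": acct}

def button_checkout(session, amount):
    return amount  # hypothetical button flow: restriction never consulted

def audit(portals, channels):
    """Names of entry points that serve a request the policy must refuse."""
    locked = Account("pw", verification_pending=True)
    limited = {"account": Account("pw", transfers_restricted=True)}
    probes = [(n, lambda f=f: f(locked, "pw")) for n, f in portals.items()]
    probes += [(n, lambda f=f: f(limited, 10)) for n, f in channels.items()]
    findings = []
    for name, probe in probes:
        try:
            probe()
            findings.append(name)  # request went through: check was skipped
        except Denied:
            pass
    return findings

PORTALS = {"web": central_login, "legacy_portal": legacy_portal_login}
CHANNELS = {"send_money": central_transfer, "payment_button": button_checkout}
```

Calling `audit(PORTALS, CHANNELS)` as a regression test flags the two entry points that carry their own logic; once they delegate to `central_login` and `central_transfer`, the list comes back empty.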

TABLET PWN PAD 3 IS DESIGNED FOR HACKING

Pwnie Express is widely known in narrow circles as a manufacturer of various "spy" gadgets for covert pentesting, that is, testing a network for vulnerabilities without the knowledge of the company's employees. You walk into the office and leave the unit, disguised as an outlet or extension cord, and it collects all the necessary information. Now the company has released the third model of its hacker tablet, the Pwn Pad, its flagship product for mobile pentesting.
The Pwn Pad 3 is based on the Nvidia Shield, so from a hardware perspective it is fairly powerful (see the review of the tablet): a Cortex A15 processor at 2.2 GHz and 2 GB of RAM correspond to the level of notebooks from about five years ago.
What matters is that the necessary software comes pre-installed. The manufacturer is careful in choosing the software and gradually improves and updates the list of programs on the operating system, Kali Linux. Kali Disk Forensics, for analysis of hard drives, has now been added to the list. An external drive must be connected directly via a USB cable and mounted, and it will then be available to the hacker's set of utilities.
An OTG cable for connecting peripherals is bundled with the tablet.
Another innovation in the Pwn Pad 3 is "over the air" updating. Previously, you had to change the firmware manually; now it arrives and installs automatically.
The new version of the kit (it includes external Bluetooth, WiFi and Ethernet adapters and an OTG cable, pictured above) costs a lot: $1095. But it is a lot of fun, too!


