[PayPal BBP] I could’ve deleted All SMC messages. Using Brute-Force technique.

Introduction:
While playing around with the SMC platform at paypal.com, I came across an interesting endpoint which doesn’t include a CSRF token within its request when you delete a message. Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a CSRF attack can in this case force the user to delete all of his messages without the victim noticing.
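
The server-side check whose absence makes a delete request forgeable, shown as an added example that is not from the original post or from PayPal's code: the delete handler accepts the request only when it carries a token bound to the caller's session, so the session cookie alone is not enough. The function names, key, session ids and message ids are assumptions constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: key, session ids and message ids are illustrative.
SERVER_KEY = secrets.token_bytes(32)
MAILBOX = {"sess-alice": {101, 102, 103}}  # session id -> message ids


def _mac(session_id: str, nonce: str) -> str:
    msg = f"{session_id}:{nonce}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Token = nonce + HMAC over (session id, nonce); embedded in the site's own forms."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_mac(session_id, nonce)}"


def csrf_token_valid(session_id: str, token) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    if not isinstance(token, str) or token.count(".") != 1:
        return False
    nonce, mac = token.split(".")
    expected = _mac(session_id, nonce)
    return hmac.compare_digest(mac.encode(), expected.encode())


def delete_message(session_id: str, form: dict) -> int:
    """Return an HTTP-style status for a delete-message request."""
    if session_id not in MAILBOX:
        return 401  # no authenticated session
    if not csrf_token_valid(session_id, form.get("csrf_token")):
        return 403  # cookie present, token absent or bound to another session
    try:
        msg_id = int(form.get("message_id", ""))
    except (TypeError, ValueError):
        return 400
    if msg_id not in MAILBOX[session_id]:
        return 404
    MAILBOX[session_id].remove(msg_id)
    return 204
```

A request that arrives with the victim's session but no valid token gets 403 and the mailbox is unchanged; only a form rendered by the application for that session can delete a message.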

PayPal Message Center [SMC]:
PayPal has created a Message Center for its customers, like most financial institutions and eBay provide. The Message Center gives PayPal the ab…