- It seems PayPal uses something called JBoss/7.0.17.
- Changing 'signupType' causes the following error:
- https://www.paypal.com/de/webapps/merchantboarding/webflow/unifiedflow?countryCode=DE&signupType=CREATE_NEW_ACCOUNT&productIntentID=pp_express&displayMode=regular&token=&returnUrl=
- --------------------------------------------------------
- HTTP Status 404 - /webapps/merchantboarding/
- type Status report
- message /webapps/merchantboarding/
- description The requested resource (/webapps/merchantboarding/) is not available.
- JBoss Web/7.0.17.Final
- --------------------------------------------------------
- CVEs for JBoss Web/7.0.17
- =========================
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3190
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3375
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3546
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-2071
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3376
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0022
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2526
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-2729
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-5568
- CVE-2012-4431 Apache Tomcat Bypass of CSRF prevention filter
- CVE-2012-3546 Apache Tomcat Bypass of security constraints
- Also interesting, though probably useless:
- https://www.paypal.com/cgi-bin/gs_web/%00/secret.jpeg
- Results in an actual 'Not Found' page, rather than a redirect.
- This is only the case when '%00' is present. Anything else
- produces the image.
- Hopefully someone can use this. Fuck PayPal and everything they have done.