- ###########################
- # Paypal Two-Factor Authentication Bypass
- ###########################
- Today, the 5th of August, I release my Paypal 2FA bypass exploit.
- It's been exactly 2 months since I reported this bug, and due to the
- simplicity of it, I believe I've given Paypal long enough to fix it.
- It's still not fixed.
- Full blog can be found here: http://blog.internot.info/
- My website: http://internot.info/
- My Twitter: https://www.twitter.com/MegaManSec
- *This blog is an excerpt from my blog entry, "Paypal's 2-Factor
- Authentication(2FA): The Good, The Bad, And The Ugly
- <http://blog.internot.info/2014/06/paypals-2-factor-authentication2fa-good.html>",
- in which I detail the use of Paypal's 2Factor system.*
- On the 5th of June, 2014, I found a complete bypass for Paypal's 2FA
- service, in which anybody would be able to access a Paypal account that
- has 2FA set up, by only logging in through a "special" Paypal page.
- eBay, in conjunction with Paypal, provides a service where you can
- link your eBay account to your Paypal account, and when you sell
- something on eBay, the fees automatically come out of your Paypal account.
- When setting this up, you're (obviously) asked for your Paypal login.
- <http://1.bp.blogspot.com/-uxvDxHa7Yq8/U5OdMPXKGqI/AAAAAAAAAJE/j5-j7fZULTc/s1600/Screenshot+from+2014-06-06+21:05:01.png>
- Linking the two accounts
- <http://1.bp.blogspot.com/-8nyKzVWa4IY/U5Odaf0MHeI/AAAAAAAAAJM/0B1xGx7l6gk/s1600/Screenshot+from+2014-06-06+21:06:23.png>
- Login Page
- When you are redirected to the login page (above), the URL contains
- "=_integrated-registration". Doing a quick Google search for this shows
- that it isn't used for anything other than eBay; thus it is set up purely
- for Paypal and eBay.
- Once you're actually logged in, a cookie is set with your details, and
- you're redirected to a page to confirm the details of the process. And
- this is where the exploit lies. Now just load http://www.paypal.com/ ,
- and you are logged in, and don't need to re-enter your login.
- So, the actual bug itself is that the "=_integrated-registration"
- function does not check for a 2FA code, despite logging you into Paypal.
- You could repeat the process using the same "=_integrated-registration"
- page unlimited times.
- <http://3.bp.blogspot.com/-fmOAdRhEkzU/U5OdjPA2GkI/AAAAAAAAAJU/pn4DoliZPhY/s1600/Screenshot+from+2014-06-06+21:07:18.png>
- I originally found this on the 5th of June, 2014, and reported it to
- Paypal the same day.
- I have also uploaded a demonstration of it on YouTube.
- ==Found: 5th June 2014==
- ==Reported: 5th June 2014==
- ==Response: 27th June 2014==
- ==2nd Response: 27th June 2014==
- ==3rd Response: 4th July 2014==
- On the 5th of August, I have decided to release this publicly, because
- despite two months given, it still hasn't been fixed.
- You can try it out, by logging into Paypal here:
- (For the love of security, please make sure the page you go to is
- https://www.paypal.com/...)
- Once you log in (don't press return to eBay), go to paypal.com.
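The flaw described above is a second login entry point that issues a working session without consulting the account's 2FA state. The following is an added example (not PayPal's code and not part of the original post) showing that bug class beside a fix that routes every flow through one gate and checks the 2FA state on every page; all function names and the sample accounts are constructed for illustration.

```python
import hmac
import secrets

# Constructed sample data; plaintext passwords stand in for a real credential check.
ACCOUNTS = {"alice": {"password": "pw-alice", "mfa": True},
            "bob": {"password": "pw-bob", "mfa": False}}
SESSIONS = {}  # session id -> {"user": str, "mfa_pending": bool}

def _password_ok(user, password):
    acct = ACCOUNTS.get(user)
    return acct is not None and hmac.compare_digest(acct["password"], password)

def _mint(user, mfa_pending):
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "mfa_pending": mfa_pending}
    return sid

def login_main(user, password):
    """Main login: the session is marked as still owing the second factor."""
    if not _password_ok(user, password):
        return None
    return _mint(user, mfa_pending=ACCOUNTS[user]["mfa"])

def login_linking_flawed(user, password):
    """Bug class from the write-up: a second entry point mints a full session."""
    if not _password_ok(user, password):
        return None
    return _mint(user, mfa_pending=False)  # 2FA state never consulted

def login_linking_fixed(user, password):
    """Fix: the alternate flow reuses the main gate instead of its own logic."""
    return login_main(user, password)

def complete_mfa(sid, code, expected):
    """Clear the pending flag only after the submitted code matches."""
    sess = SESSIONS.get(sid)
    if sess is None or not hmac.compare_digest(code, expected):
        return False
    sess["mfa_pending"] = False
    return True

def authorize(sid):
    """Run on every account page, whichever flow created the session."""
    sess = SESSIONS.get(sid)
    return sess is not None and not sess["mfa_pending"]
```

Because `authorize` reads the pending flag from the session itself, a new login flow added later cannot reach account pages without the second factor unless it deliberately mints a session with the flag cleared.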