PayPal Bug Bounty #117 - Bypass & Remote Session Fixation Vulnerability
The Vulnerability Laboratory Core Team member Hadji Samir discovered a session fixation web vulnerability (EIBBP-31983) [P2] in the official PayPal Inc. online service web application. The vulnerability allows remote attackers to manipulate user session information and take over the session data for malicious purposes.
Data enters the web application through an untrusted source, most often an HTTP request, and is included in an HTTP response header sent to the user without being validated for malicious characters. HTTP response splitting is a means to an end, not an end in itself. At its root the attack is straightforward: an attacker passes malicious data to a vulnerable application, and the application includes that data in an HTTP response header. The security risk of the session fixation web vulnerability is estimated as medium (CVSS 4.3).
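The following is an added illustration of the header-injection mechanism described above, not code from the advisory or from PayPal: a constructed tainted redirect target is emitted unvalidated into a response, a client-side parse shows it has become two headers (the second one setting a session cookie), and a hardened renderer that rejects CR, LF and NUL in header values refuses to emit it. All names and the sample value are assumptions made for this example.

```python
import re
from urllib.parse import unquote

# Control characters that terminate a header line; none may appear in a value.
_CTL = re.compile(r"[\r\n\x00]")


def header_value_is_safe(value: str) -> bool:
    """Reject values that could end the current header and start a new one.
    Percent-decoding is applied once so an encoded %0d%0a is caught as well."""
    return _CTL.search(value) is None and _CTL.search(unquote(value)) is None


def render_headers_unsafe(headers: dict) -> str:
    """Vulnerable: request-controlled values are copied into the response as-is."""
    return "".join(f"{k}: {v}\r\n" for k, v in headers.items()) + "\r\n"


def render_headers_safe(headers: dict) -> str:
    """Hardened: refuse to emit any header whose value contains CR, LF or NUL."""
    for k, v in headers.items():
        if not header_value_is_safe(v):
            raise ValueError(f"refusing to emit header {k!r}: control characters")
    return render_headers_unsafe(headers)


def parse_header_lines(raw: str) -> list:
    """Split a rendered header block into (name, value) pairs, as a client would."""
    pairs = []
    for line in raw.split("\r\n"):
        if not line:  # empty line ends the header block
            break
        name, _, value = line.partition(":")
        pairs.append((name.strip(), value.strip()))
    return pairs


# Constructed sample (hypothetical): a redirect target taken from the request
# that carries a line break followed by a cookie-setting header, which is how
# a session identifier chosen by the sender ends up fixed in the victim's browser.
TAINTED_LOCATION = "/home\r\nSet-Cookie: SESSIONID=fixed"


def demo():
    """Return (headers seen by the client from the unsafe path, whether the safe path rejected it)."""
    seen = parse_header_lines(render_headers_unsafe({"Location": TAINTED_LOCATION}))
    rejected = False
    try:
        render_headers_safe({"Location": TAINTED_LOCATION})
    except ValueError:
        rejected = True
    return len(seen), rejected
```

The same validation belongs in a web application firewall or log review rule: any request parameter that decodes to a value containing CR or LF and is reflected into a response header is a response-splitting attempt worth alerting on.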