Phishing meets Cross Site Scripting at Paypal

By Paladion

June 21, 2006

Netcraft reports a very convincing phishing attack on Paypal that exploits a Cross Site Scripting vulnerability on the Paypal site.
The phishers exploit an XSS vulnerability on the original Paypal site. Once a user is induced to visit the original site, the injected script automatically redirects them to the phishers' site. Netcraft has step-by-step screenshots of the attack.
The vulnerable page on the Paypal site was SSL-secured, so a user who visited the page even saw a valid Paypal SSL certificate. The auto-redirect told users their account had been temporarily disabled and that they should visit the "Resolution Center" to reactivate it. The phishers, of course, hosted the Resolution Center.
Paypal has fixed the vulnerability.
This seems to be the first appearance of phishing and XSS together. Expect to see more of this in the coming months.
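To illustrate the defect behind the attack described above, here is an added example (not code from the post, Netcraft or Paypal): a page on the legitimate, SSL-secured site reflects a query parameter into its HTML unescaped, so attacker-supplied input becomes live script that can redirect the browser elsewhere; the same page with contextual output encoding renders the input as inert text. The URL, hostnames and helper names are constructed placeholders.

```python
import html
from urllib.parse import urlparse, parse_qs

# Constructed URL mimicking the pattern in the post: a query parameter on the
# legitimate site carries script that redirects to a third-party "Resolution
# Center". Hostnames are placeholders, not real sites.
CONSTRUCTED_URL = (
    "https://www.example-bank.test/page?msg="
    "%3Cscript%3Elocation%3D%27https%3A%2F%2Fphish.example%2F%27%3C%2Fscript%3E"
)


def reflected_param(url: str, name: str) -> str:
    """Return the decoded value of a query parameter (hypothetical helper)."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_vulnerable(msg: str) -> str:
    """Reflects user input verbatim into the page: a reflected XSS defect."""
    return f"<html><body><p>{msg}</p></body></html>"


def render_hardened(msg: str) -> str:
    """Same page with HTML output encoding; tags and quotes become inert text."""
    return f"<html><body><p>{html.escape(msg, quote=True)}</p></body></html>"


def contains_live_script(page: str) -> bool:
    """Crude check, used only to contrast the two renderings above."""
    return "<script" in page.lower()


if __name__ == "__main__":
    payload = reflected_param(CONSTRUCTED_URL, "msg")
    print("vulnerable page executes script:", contains_live_script(render_vulnerable(payload)))
    print("hardened page executes script:  ", contains_live_script(render_hardened(payload)))
```

The valid SSL certificate does nothing here: the browser is talking to the real site, and it is the site's own unescaped output that carries the redirect.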

Tags: Uncategorized