Patrik Fehrenbach

[Research] Phishermans Friend – Getting control over a phishing backend

Dear Readers, once in a while I enjoy blogging about things unrelated to bug bounties. And so, as it happens, on a quiet Thursday night as I was about to go to bed, I received the following e-mail: Hmmm unwanted login from a location near Berlin? My younger brother lives in Berlin, I wondered if […]

[Research] Phishermans Friend – Getting control over a phishing backend Read More »

[BugBounty] Papyal XML Upload Cross Site Scripting Vulnerability

Greetings readers, today i want to share with you one of my latest findings on Paypal.com.When creating an invoice Paypal allows the users to upload attachements for the invoices one attachement that they allow is a XML file. What the developer may missed here is that you can actually insert HTML into XML files, the namespace

[BugBounty] Papyal XML Upload Cross Site Scripting Vulnerability Read More »

[BugBounty] Reflected Cross Site Scripting at Paypal.com

Dear followers, i found a reflected Cross Site Scripting issue on the new Paypal Directory service (https://www.paypal.com/directory/merchants), with the following Payload: &q=509%22%20src=%22http://www.example.com/exploit509.js%20%3C script %3E alert %281%29%3C/ script %3E The vulnerable Parameter was the q? Parameter, i was able to break the script contex of the page, i think it was because of the &q Parameteter,

[BugBounty] Reflected Cross Site Scripting at Paypal.com Read More »

[BugBounty] malicious redirect on mailroom.prezi.com

Dear readers, today i want to share a short story of a bug i found on one of prezi’s subdomains called mailroom.prezi.com.The Webserver at http://mailroom.prezi.com is configured to redirect the Users to the Login Page of Prezi, so far so good, i found out that if you add a Domain lets say http://mailroom.prezi.com/.anydomain.com to the end

[BugBounty] malicious redirect on mailroom.prezi.com Read More »

[BugBounty] Reflected Cross Site Scripting BillMeLater

Dear followers, i recently found a reflected Cross Site Scripting issue on a Subdomain of BillMeLater (Paypal acquisition) it was possible to break the style attribute and add malicious Javascript Code into the Application. “–></style></ script >< script > alert (“XSS “)</ script > When ending the previous style and script element it was possible

[BugBounty] Reflected Cross Site Scripting BillMeLater Read More »

de_DEGerman