Independent security researcher Michael Stepankin has reported a since-patched remote code execution hole in PayPal that could have allowed attackers to hijack production systems. The critical vulnerability, which affected manager.paypal.com and was revealed overnight, was reported on 13 December and patched soon after disclosure. It allowed Stepankin to execute arbitrary shell commands on PayPal web servers through Java object deserialisation, opening access to production databases.
ORIGINAL SOURCE: The Register