A German researcher reportedly netted $500 (£354) from PayPal’s bug bounty programme for a vulnerability that could have allowed an attacker to carry out phishing and other attacks. Vulnerability Laboratory researcher Benjamin Kunz Mejri discovered what he described as a “Filter Bypass and Persistent Profile Mail Encoding Web Vulnerability,” according to a 30 March advisory. The bug also could have allowed session hijacking, persistent redirecting to external sources and persistent manipulation of affected or connected service module context, the advisory said.
ORIGINAL SOURCE: SC Magazine