1. Downloading the app to see if it will let you in to change / update it in the settings.
2. Use the forgotten password option several times.
3. Trying another browser that may let you in without phone verification (then change it when you have logged in).
4. Trying again another day when sometimes you can get in without doing the verification and then change the number.
5. Changing the password a few times sometimes works as it can bypass the phone verification.

If that does not work then you would need to contact customer services so that they can i.d. you another way and then add your new phone number to your account.

Contact options for Paypal are accessed by clicking help/contact bottom left of Paypal pages.

1. Paypal phones are slowly re-opening and increasing in numbers (you can use the guest option if you can't log in).
3. Have you considered contacting Customer Service via Facebook or Twitter? You can send them a message, during business hours you may also be able to message whilst logged out.
4. You can send them a personal message from their Facebook or Twitter pages.

So this is a very simple bug that I found in PayPal back then in January 2015. I guess its Reproduction is the "Smallest Bug Reproduction Ever".

So the bug is that when someone logs in to his/her PayPal account, due to some cases, i.e. login from an unusual location, entering a wrong password first and then entering the correct password etc., then PayPal asks the user to verify his/her account ownership. The user then gets stuck at a page after logging in where PayPal asks the user to verify the account via SMS or Call. (The phone numbers that are in the account appear there so you can choose and PayPal will send the code via SMS/Call.) So the user will have to select a phone number and choose if the user wants to receive the verification code via SMS or Call.

(Image: PayPal account ownership verification page)

Then PayPal sends a verification code and when the user enters the correct verification code there on that page, the login then gets completely successful and then the user is able to perform further actions like account overview, send money, receive money, account settings etc.

Reproduction: So now suppose you don't have access to that phone number entered there, so let's do the bypass! (It's easy af.) Login to PayPal, when it asks to verify the account ownership so just leave it as it is and open in another tab. Then click on the Login button there (located at the top) and enter your correct PayPal login. After logging in to the PayPal Community site, click on the PayPal Home link at the top which redirects to the main site and BOOOOOMMMMMM!!! Seems pretty easy, right? Yes, it is pretty easy to bypass.

I reported it to PayPal and then they fixed it after like a month or two. They claimed that when a person does this, our "INTERNAL SECURITY SYSTEM" prevents the user from doing further actions but they were wrong. I made a video then (Chill! I'll make it public) in which I showed them that after this bypass, an attacker can send money, receive money, withdraw money, edit account settings, I mean just can do everything. The problem was caused because the PayPal Community site login was linked with the original login. In the fix, they've separated the logins for both.