Blind SQL Injection vulnerability in PayPal Notifications website

Sponsored Links


An Indian Security Researcher Prakhar Prasad has discovered a Blind SQL Injection vulnerability in Paypal Notifications website(paypal-notify.com) that allowed researcher to access database of Paypal notification system.

" As a part of Paypal Bug Bounty Program, I did a responsible disclosure of the bug to Paypal Security Team " The researcher said in his blog.


SQLMap displays the Database name after injection


The PayPal security team patched the vulnerability immediately, just the next day after the Prasad's vulnerability report due to its high severity.

The Paypal security team patched the vulnerability and rewarded the researcher with $3000 for the SQLi and additional $350 for other less critical bugs on 21st January.
Category: / / / /

Share this with Your friends:


About Author

, founder of E Hacking News, an Information Security enthusiast who has more interest in PenTesting and Malware analysis. You can find him on Google+ Profile , Twitter and Facebook.