The Bug That Exposed Your PayPal Password

And Credit Card Number Too

Alex Birsan
5 min readJan 8, 2020

--

When hunting for security issues, the pursuit for uncharted assets and obscure endpoints often ends up taking the focus away from obvious, but still critical, functionality.

If you approach a target like you are the first person to ever perform a security assessment on it, and check everything thoroughly, I believe you are bound to find something new — especially if the code you are testing has been in continuous development for a while.

--

--