Back to directory
WRITEUP #5220

Paypal bug $10K - All Secondary users account takeover leads to unauthorized money transfer from paypal business accounts

IDOR
by@mohdhaji24(Mohd haji)
Bounty
10,500
Program
Paypal
Published
Jul 30, 2019
Added to HackDex
Sep 15, 2022
Read Full Writeuphttps://web.archive.org/web/20210124152317/https://whitehathaji.blogspot.com/2019/07/paypal-bug-10k-all-secondary-users.html
RELATED WRITEUPS
Zomatoooo! IDOR in Saved Payments
IDOR
How I got my first $13500 bounty through Parameter Polluting (HPP)
IDORXSS
The Butterfly Effect: Turning Overlooked - Misconfigurations into Zero Click Account Takeover
APIGraphQL
A Creative Way To Get Someones YouTube Videos Deleted + A Copyright Strike Against Their YouTube Channel
IDORBroken Access Control
Bypassing ACLs – IDOR exploitation via HPP
IDORHTTP parameter pollution

Built with ❤️ by Shubham Rawat