I could set up a redirect to POST data to that search form and steal his cookies... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		nemothekid on May 26, 2013 \| parent \| context \| favorite \| on: PayPal.com XSS Vulnerability I could set up a redirect to POST data to that search form and steal his cookies/replace the page with a login form/all the fun you get running arbitrary javascript.

deckar01 on May 26, 2013 [–]

If you can redirect someone to that page you could redirect them to any page... But they want to go to PayPal, you send them there, and you pass along some post data to hijack their session.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact