PayPal plugs SQL injection hole, tosses $3k to bug-hunter

PayPal has fixed a security bug that could have allowed hackers to compromise the payment website’s databases using an SQL injection attack.

Researchers at Vulnerability Laboratory earned a $3,000 reward for discovering and reporting the critical bug to PayPal in August. An advisory sent to the Full Disclosure security mailing list explained the scope of the vulnerability, which was fixed this month.

The flaw was found in the code that confirms an account holder’s email address, and could have allowed attackers to get past PayPal’s security filters to compromise backend databases and grab sensitive information — via redwolf.newsvine.com

Share this Story
Load More Related Articles
Load More By Red Wolf
Load More In Technology

Leave a Reply

Your email address will not be published. Required fields are marked *

Photos from Flickr