Yasser Ali, an Egyptian student and ‘ethical hacker’, found a pair of serious vulnerabilities at PayPal, including a method that allowed a “single click” infiltration of user accounts.
The PayPal security team fixed the gaping holes that would allow cross-site request forgers to execute authorized commands, eventually taking full control of PayPal accounts.
In addition, the same ethical hacker found and reported that security questions on PayPal accounts were not locked with a password authentication mechanism, thus allowing him to modify PayPal profiles at will.
PayPal rewarded him with a $10,000 bounty under the PayPal vulnerability reporting program, which allows security experts to report issues.
You can view a video of Yasser Ali’s demonstration of the PayPal account infiltration below.
wow nice one, congrats Yasser Ali, u found worth for $10k … nice to know that PayPal rewarded him.