Hacking Paypal’s Payment portal using JavaScript – Critical Vulnerability found!

Last time we saw how you could easily bypass Facebook’s security question. This time you are going to learn how to bypass PayPal’s payment portal using a piece of JavaScript and get all the products for free. It looks like everything online has a secret black hole.

PayPal allows payments and money transfers to be made through the Internet. It also performs payment processing for online vendors. Normally, when you pay a website using PayPal’s “Pay Now” button, you are redirected as soon as you make the payment to a secret download page, where you can find download links for the described product. Remember, this download page is secret, but anyone who knows its URL can access it. This hack works only for this type of download page, i.e. for websites using PayPal’s “Pay Now” button.

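Websites that use such a PayPal payment portal are vulnerable and can be easily exploited using simple JavaScript. The JavaScript bypasses the payment page and redirects the user to the download page: it reads the value of the form field named return, which holds the download page’s URL, and navigates to it. Below is the piece of code: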

javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);

- How do I use this code?

Example Website : Magic Tricks Collection

First, make sure you are using a JavaScript-enabled browser, preferably Mozilla Firefox.
Next, go to the respective download or ‘buy now’ page of the website, copy-paste the above JavaScript into the address bar and hit Enter. Voilà, you are now redirected to the download page!

To make it simple, just create a bookmark of this JavaScript. To do so, drag and drop this bookmarklet >> Paypal-Hack onto the bookmarks area of Mozilla Firefox. Now every time you find a website using such a PayPal “Buy Now” button, just hit this bookmarklet.

- How do I find more websites?

You can easily find more vulnerable websites by using a Google dork: “this order button requires a javascript enabled browser”
i.e. go to Google and search for “this order button requires a javascript enabled browser”; you will get all the websites that are using this outdated button.


Article by Ashwin Shahapurkar

[Founder] - Quiet type and Creative Guy who enjoys creating and exploring new trends on the Internet. He's currently pursuing B.E. in “Information Technology”.

20 Responses

  1. IT WORKS
    use Mozilla
    it worked to h4x MINECRAFT :p

  2. I am using the script for creating a webnode website but nothing is working

  3. Hey all! Almost ready for the new year!! To anyone who reads this, please help me out with something I have been trying to figure out for the last 24 hrs. Thanks! Will be back to check often.. Like today and night! Happy New Years!!

  4. It doesn't work

  5. Is this code working in Facebook in Texas Hold 'em poker and in Tetris in buying Tetris cash and poker chips and cash????

  6. Never worked for me, though I’m using Firefox

  7. This really worked man, thanks a lot.

  8. Just Bullshit It Work Only In The Past
