Hacking Paypal Using JavaScript – Critical Vulnerability Found!

Updated

Last time we had seen how you could easily bypass Facebook’s security question.

Now this time your are going to learn, how to bypass PayPal’s payment portal using a piece of JavaScript and get all the products for free. looks like every single stuff online has a secret black hole.

PayPal allows payments and money transfers to be made through the Internet. It also performs payment processing for online vendors.

Normally when you pay the website using PayPal’s “pay now” button, as soon as you make the payment you will be redirected to a secret download page, where in you can find download links for the described product.

Remember this download page is secret, but anyone who knows the URL of this page can access it. Now this hack works only for this type of download pages, i.e. for websites using PayPal “Pay Now” button.

how to bypass paypal payment

Such websites having PayPal portal for payment are vulnerable and can be easily exploited using simple JavaScript. The JavaScript bypasses the payment page and redirects the user to download page. below is the piece of code:

javascript:top.location=document.getElementsByName('return')[0].value; javascript:void(0);

How do i use this code?

UPDATE! PayPal has rectified this flaw and it no more works.

Example Website : Magic Tricks Collection

First make sure you are using Google Chrome Web-browser. Copy the JavaScript by Right Clicking on ‘PayPal Hack’ and ‘Copy link address’.

PayPal-Hack

Next, Go to the respective download or ‘buy now’ page of the website that is using PayPal as payment Gateway and Press F12 key on your Keyboard.

This will Open-up Developer Options. Click Console Tab and paste the JavaScript that you copied before and Hit Enter Key to Run. Once you Press Enter key, viola!, you are now being redirected to the download page!

How do i find more Websites?

You can easily find more infected websites by using google dork: “this order button requires a JavaScript enabled browser

Go to google and search for “this order button requires a JavaScript enabled browser” , you will get all the websites that are using this outdated button.

Related posts:

  1. The rise of evil JavaScript
  2. JavaScript to Send Automatic Facebook Fan-Page Invites
  3. Add all friends to Facebook group

Ashwin S

A cybersecurity enthusiast at heart with a passion for all things tech. Yet his creativity extends beyond the world of cybersecurity. With an innate love for design, he's always on the lookout for unique design concepts.