
HACK ANY PAYPAL ACCOUNT (PATCHED)

Mr. Yasser explains how the security breach in PayPal works and how hackers can hijack an account with just a single click. He described it in his blog. In the PoC video, Mr. Yasser successfully bypassed the PayPal security to generate exploit code for targeted attacks.

1- Reusable CSRF Token: The CSRF token “that authenticates every single request made by the user”, which can also be found in the request body of every request with the parameter name “Auth”, gets changed with every request made by the user as a security measure, but after a deep investigation I found out that the CSRF Auth is reusable for that specific user email address or username. This means that if an attacker found any of these CSRF tokens, he can then make actions on behalf of any logged-in user. Hmm, it seems interesting but still not exploitable, as there is no way for an attacker to get the “Auth” value from a victim session.

2- Bypassing the CSRF Auth System: The CSRF Auth verifies every single request