This is both absolutely disturbing and quite encouraging at the same time. This type of session riding flaw is scary and one wonders why it was not caught earlier. That said, it is great to see organizations like PayPal reaching out to the community and using bounty programs to discover bugs and solve security problems. We (the IT Security Community) are all in this together.