******************************************************** # Exploit Title : Paypal app Link Open Redirection # Explanation : Suspicious link for UK users - [Maliciousing Link via Redirect] # Vendor Homepage : www.paypal.com # Exploit Author: Iran Cyber Security Group # Date : 2019-07-09 # Tested on : Win10 , Kali Linux # Discovered By : Und3rgr0und # Our Team : www.iran-cyber.net ******************************************************** Description : Our team has found some kind of bug bounty that has a medium risk for its users.On the PayPal website, many times you see that there are links for downloading the apps mobile for example (https://app.adjust.com/ybp7iw). So if we check in different parts of the website For uk users there is a section below : http://cdn.persiangig.com/preview/FP1RGw2D5O/large/apps.png So the hacker uses it . To do this, just create a malicious link and put it in a link endpoint. **************************** # Open Redirection : **************************** Healthy address : 1- https://app.adjust.com/bfpiqs_meciev?fallback=https%3A%2F%2Fwww%2Epaypal%2Ecom%2Fuk%2Fwebapps%2Fmpp%2Fmobile%2Dapps malicious Address : 2- https://app.adjust.com/bfpiqs_meciev?fallback=https%3A%2F%2Fwww%2Epaypali%2Ecom%2Fuk%2Fwebapps%2Fmpp%2Fmobile%2Dapps **************************** For Example : ( domain paypal.com to paypali.com Or anything that is not suspicious ) Note : Fix address in page : https://www.paypal.com/uk/home **************************** # Impact It's enough to put malicious links in groups that are UK users, and put it as a link to download the PayPal mobile apps, And easily redirect to a dangerous page .