Paypal app Link Open Redirection

2019.07.09
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-601

********************************************************
# Exploit Title : Paypal app Link Open Redirection
# Explanation : Suspicious link for UK users - [Malicious Link via Redirect]
# Vendor Homepage : www.paypal.com
# Exploit Author: Iran Cyber Security Group
# Date : 2019-07-09
# Tested on : Win10 , Kali Linux
# Discovered By : Und3rgr0und
# Our Team : www.iran-cyber.net
********************************************************

Description :

Our team has found a bug of medium risk to PayPal's users. In many places on the PayPal website there are links for downloading the mobile apps, for example https://app.adjust.com/ybp7iw. Checking different parts of the website, for UK users there is the section shown below:

http://cdn.persiangig.com/preview/FP1RGw2D5O/large/apps.png

An attacker can abuse this: it is enough to create a malicious link and put it in the link's endpoint (the fallback parameter shown below).

****************************
# Open Redirection :
****************************

Healthy address :

1- https://app.adjust.com/bfpiqs_meciev?fallback=https%3A%2F%2Fwww%2Epaypal%2Ecom%2Fuk%2Fwebapps%2Fmpp%2Fmobile%2Dapps

Malicious address :

2- https://app.adjust.com/bfpiqs_meciev?fallback=https%3A%2F%2Fwww%2Epaypali%2Ecom%2Fuk%2Fwebapps%2Fmpp%2Fmobile%2Dapps

****************************

For example : the domain paypal.com is changed to paypali.com, or to anything else that does not look suspicious.

Note : Fix address in page : https://www.paypal.com/uk/home

****************************
# Impact
****************************

It is enough to post such a link in groups of UK users, presented as the link to download the PayPal mobile apps, and they are easily redirected to a dangerous page.
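A defensive check for this class of bug, added here as an example that is not part of the original advisory or of Adjust's or PayPal's code: it extracts the fallback parameter from links of the form shown above and only follows it when the target host is on an allowlist, otherwise sending the user to a fixed page. The allowlist, the default page and the function names are assumptions; the two sample links are the ones quoted in the advisory.

```python
from urllib.parse import urlparse, parse_qs

# Assumed allowlist of hosts a fallback redirect may land on (constructed for
# this example; the real service configuration is not known).
ALLOWED_HOSTS = {"www.paypal.com", "paypal.com"}
ALLOWED_SUFFIXES = (".paypal.com",)

# Fixed landing page used whenever the fallback is rejected (assumption; the
# advisory mentions this address).
DEFAULT_PAGE = "https://www.paypal.com/uk/home"

# The two links quoted in the advisory: healthy and with the domain altered.
HEALTHY_LINK = ("https://app.adjust.com/bfpiqs_meciev?fallback="
                "https%3A%2F%2Fwww%2Epaypal%2Ecom%2Fuk%2Fwebapps%2Fmpp%2Fmobile%2Dapps")
MALICIOUS_LINK = ("https://app.adjust.com/bfpiqs_meciev?fallback="
                  "https%3A%2F%2Fwww%2Epaypali%2Ecom%2Fuk%2Fwebapps%2Fmpp%2Fmobile%2Dapps")


def is_safe_fallback(target: str) -> bool:
    """True only if target is an https URL whose host is allowlisted."""
    try:
        parsed = urlparse(target)
    except ValueError:
        return False
    if parsed.scheme != "https":
        return False
    # Reject user:pass@host forms so "https://www.paypal.com@evil.example/"
    # cannot pass a naive prefix check; hostname already strips them, but
    # their presence is itself a red flag.
    if parsed.username is not None or parsed.password is not None:
        return False
    host = parsed.hostname  # lower-cased, port removed
    if not host:
        return False
    # Exact match, or a real subdomain (the leading dot stops evilpaypal.com
    # and paypal.com.evil.example from matching).
    return host in ALLOWED_HOSTS or host.endswith(ALLOWED_SUFFIXES)


def resolve_fallback(link: str, default: str = DEFAULT_PAGE) -> str:
    """Return where a user following the link should be sent: the decoded
    fallback value if it passes the allowlist, else the fixed default page."""
    candidates = parse_qs(urlparse(link).query).get("fallback", [])
    if len(candidates) != 1:  # missing or duplicated parameter: do not guess
        return default
    target = candidates[0]  # parse_qs has already percent-decoded it
    return target if is_safe_fallback(target) else default
```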

