PayPal hacked

“Artsploit” Stepankin, an independent security researcher, discovered a critical security flaw in PayPal that allowed him to execute malicious code on the company's servers. This allowed him to gain full control of PayPal's infrastructure.

The security flaw originates in various open Java libraries.

The researchers who first discovered this flaw in Java (before Stepankin applied it to PayPal) also published a tool that automatically generates the malicious code needed to exploit this flaw through the Apache Commons Collections Java library.

Stepankin used this tool to create a malicious Java serialized object, which he then used on PayPal. In doing so, he discovered that the company's IT had failed to protect it.

“I realized that this unsigned Java serialized object could be managed by the ,” Mr. Stepankin said.

"This means you can send the Java serialized object to the server as readObject or as readResolve."

The first malicious Java object that the researcher was able to upload to PayPal's servers was just a simple test.

After finding the evidence, Mr. Stepankin created a second, much more intrusive exploit. This exploit contained shell commands and was able to access the /etc/passwd file.

Stepankin contacted PayPal and informed them of his discovery. Although the company was already aware of the security flaw from another security researcher, it thanked him for his discovery and rewarded him with cash.

As Stepankin says, the matter was reported to the company in mid-December and as of today it has been fixed.
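The flaw described above hinges on the server deserializing an unsigned object supplied by the client. The following is an added example, not code from the article, the researcher or PayPal: it authenticates a serialized value with an HMAC before it reaches readObject and then applies a class allow-list. The class name, method names, key and sample value are assumptions made for illustration, and the filter API requires Java 9 or later.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.io.*;
import java.security.MessageDigest;
import java.util.Arrays;
// Added example; class and method names are hypothetical, not PayPal's code.
public class SignedDeserializer {
    static final int TAG_LEN = 32; // HMAC-SHA256 output size in bytes

    static byte[] hmac(byte[] key, byte[] data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data);
    }

    // Issuing side: serialize, then append an HMAC tag over the serialized bytes.
    static byte[] seal(byte[] key, Serializable obj) throws Exception {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        byte[] payload = buf.toByteArray();
        buf.write(hmac(key, payload)); // blob layout: payload || tag
        return buf.toByteArray();
    }

    // Receiving side: verify the tag before any byte reaches ObjectInputStream.
    static Object open(byte[] key, byte[] blob) throws Exception {
        if (blob.length <= TAG_LEN) throw new SecurityException("blob too short");
        byte[] payload = Arrays.copyOfRange(blob, 0, blob.length - TAG_LEN);
        byte[] tag = Arrays.copyOfRange(blob, blob.length - TAG_LEN, blob.length);
        if (!MessageDigest.isEqual(tag, hmac(key, payload))) // constant-time compare
            throw new SecurityException("bad tag, refusing to deserialize");
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(payload))) {
            // Defense in depth (Java 9+): allow only the classes the application expects.
            in.setObjectInputFilter(ObjectInputFilter.Config.createFilter(
                    "java.lang.String;java.lang.Integer;java.lang.Number;!*"));
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        byte[] key = "constructed-demo-key".getBytes("UTF-8"); // sample key, not a real secret
        byte[] blob = seal(key, Integer.valueOf(42));           // constructed sample value
        System.out.println("valid blob -> " + open(key, blob));
        blob[blob.length / 2] ^= 0x01; // simulate a value modified by the client
        try { open(key, blob); }
        catch (SecurityException e) { System.out.println("tampered blob -> " + e.getMessage()); }
    }
}
```

The tag check matters most: a blob that fails verification is rejected before ObjectInputStream parses it, so no class on the classpath is instantiated from attacker-controlled bytes.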


iGuRu.gr The Best Technology Site in Greece


Written by giorgos
