2015 – Graham Bleaney

Breaking the Bank – Money and Credential Theft in Venmo (Paypal Product)

By user Posted on May 16, 2015 Posted in Blog Tagged with account-takeover, security, venmo, xss

Abstract I identified a reflected cross site scripting (XSS) vulnerability on the login page of Venmo’s website, and used it to develop a proof of concept exploit that could drain a user’s account and steal their credentials. The effects of this …

Breaking the Bank – Money and Credential Theft in Venmo (Paypal Product) Read more »

Developing an account takeover worm for Pixelapse (Dropbox product)

By user Posted on March 23, 2015 Posted in Blog Tagged with account-takeover, pixelapse, security, xss

Intro In this writeup, I go through the process of finding, and then weaponizing two simple bugs to develop a powerful exploit against Pixelapse. I tried to write this in as friendly a way as possible, to be understandable by people with …

Developing an account takeover worm for Pixelapse (Dropbox product) Read more »

Year: 2015

Breaking the Bank – Money and Credential Theft in Venmo (Paypal Product)

Developing an account takeover worm for Pixelapse (Dropbox product)