PayPal has fixed a security bug that could have allowed hackers to compromise the payment website's databases using an SQL injection attack.
Researchers at Vulnerability Laboratory earned a $3,000 reward for discovering and reporting the critical bug to PayPal in August. An advisory sent to the Full Disclosure security mailing list explained the scope of the vulnerability, which was fixed this month.
The flaw was found in the code that confirms an account holder's email address, and could have allowed attackers to get past PayPal's security filters to compromise backend databases and grab sensitive information.
keyboard shortcuts: V vote up article J next comment K previous comment