Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hacking PayPal server by exploiting a Remote Code Execution flaw

Security expert discovered a way to hack a PayPal server by exploiting a Remote Code Execution flaw affecting the Java Debug Wire Protocol (JDWP) protocol. Security researcher Milan A Solanki discovered a new critical remote code execution vulnerability in PayPal platform. An attacker could exploit the vulnerability to execute arbitrary code on the PayPal  Marketing online-service […]

Hacking PayPal server by exploiting a Remote Code Execution flaw

Security expert discovered a way to hack a PayPal server by exploiting a Remote Code Execution flaw affecting the Java Debug Wire Protocol (JDWP) protocol.

Security researcher Milan A Solanki discovered a new critical remote code execution vulnerability in PayPal platform. An attacker could exploit the vulnerability to execute arbitrary code on the PayPal  Marketing online-service web-application server, the flaw has been rated Critical by Vulnerability Lab with a CVSS count of 9.3.

Solanki reported the flaw to the Paypal developer team that promptly fixed it.

The Remote Code Execution flaw affects the Java Debug Wire Protocol (JDWP) protocol of the PayPal marketing online service web-server, as explained by Oracle this optional protocol it used for communication between a debugger and the Java virtual machine (VM) which it debugs.

One year ago security researcher at IOActive Christophe Alladoum published an interesting post titled “Hacking the Java Debug Wire Protocol – or – “How I met your Java debugger”. The JDWP does not implement any authentication mechanism, this allows an attacker to execute arbitrary code remotely onto the affected Web server.

The vulnerability in PayPal platform is very dangerous because ill-intentioned can exploit it to execute system code against the company server and compromise them, without any privilege or user interaction. Solanki used the jdwp-shellifier tool from Github to scan the marketing sites searching for opened port 8000.

PayPal hacking 2

Solanki used the jdwp-shellifier tool from Github for reconnaissance, he scanned the marketing sites and once found opened port 8000 he will establish a connection to the service without any authentication and run server-side exploit codes with root privileges.

“The tool that i used to disclose is the jdwp-shellifier. I scanned the marketing site and it had opened port 8000 (pre-auth) than i just executed after accepted connection my commands and finally disclosed a remote code execution issue.” wrote Solanki.

The opened port 8000 made him establish a connection to the service without any authentication that allowed him to execute his server-side codes with root privileges.

The expert published a video PoC for the exploitation of the flaw to demonstrate how to hack a server.

Pierluigi Paganini

(Security Affairs –  PayPal, Remote Code Execution)