Tag Archives: phishing

xml encoding for phish

tl;dr: xml encoded iframe payload for phishing. plz see poc. In december 2015 I found a html injection vulnerability within paypals money request function. I used a xml encoded iframe payload on account registration at Paypal to do phishing attack on money request. The xml encoded payload: <Iframe/src=http://outofctrl.it/a.html Width=“640″ Height=“480″></iframe> Proof of concept: Timeline: Dez. […]

phishing with html

TL;DR: HTML inection within money request mail leads to phish. I recently found a html injection vulnerability within Paypals money request function. I was able to inject html code into a money request mail send from Paypal to a victim user and turned it into a neat phishing mail. keine<br><br><b>Hinweise von Paypal<br>Achtung!!</b> Dein Kontostand ist […]