|
|
|
|
|
|
by nowarninglabel
4230 days ago
|
|
|
My understanding is that the author is saying they are able to do arbitrary code execution on Paypal's servers (at least the ones hosting their help center). If I understand correctly, one could upload executable code to certain profile fields in one's developer account and then get their help center to execute those. I suppose the criticality of that would depend on what all was hosted on their help center server as well as what other servers one could gain access to via it. |
|
|