Paypal Inc - Medium Severity Open Redirect Web Vulnerability fixed!

Editorial_Staff_Team's picture
Paypal | Open Redirect Web Vulnerability

Paypal Inc - Medium Severity Open Redirect Web Vulnerability fixed!

Security researcher Ayoub Ait Elmokhtar found an Open Redirect Web Vulnerability (EIBBP-32252) in the official PayPal web application. The vulnerability has been accepted by Paypal and the researcher was rewarded with 250 US$. The researcher started the research by the use of different versions of known redirect issues like for instance:

It will redirect you to since this is an open redirect vulnerability in Google, since Google allow open redirect and didn't consider it in scope of Bug Bounty.

So appending this link url and visiting :

It seems like it will redirect to but it won't - it will endup with a result which clearly appear to be a filter against directory filtering. This assumes that everything after in this parameter won't work. Well if we try accessing a subdomaine of google like it will not work and no redirection takes place.

So this is clearly appear to be some Oauth rules about redirect parameter rules:
1 - Subdomaine Filter
2 - Directory Filter

The final working POC which bypass the directory filtering :

So this worked:
This worked not:

You should see the bypass with // which is likely an old python library URL rules bypass.

Oauth documentation say that you shouldn't accept subdomaines neither directories in the redirect url.

FINAL POC (does not work anylonger because the vulnerability has been patched by PayPal.


Rate this article: 
Average: 4.3 (6 votes)


Med Amine's picture

Nice finding man , you catch it (y) keep it up.

vdvcoder's picture

Nice bro!

Add new comment

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.