PayPal’s Partner Program website (paypal-marketing.com) was plagued by a vulnerability that could have been exploited for remote code execution. The security hole was identified by Milan Solanki, a member of Germany-based Vulnerability Lab. According to an advisory published by the security firm, the bug discovered by the expert is related to the Java Debug Wire Protocol (JDWP), the protocol used for communication between a debugger and the Java virtual machine which it debugs. IOActive researchers showed in April 2014 that the JDWP service can be abused for reliable remote code execution. IOActive also released jdwp-shellifier, a tool designed to help penetration testers achieve remote code execution on the JDWP service.
