Full Disclosure mailing list archives

Re: PayPal donation form reveals beneficiary's email address


From: ghost <ghosts () gmail com>
Date: Sat, 2 May 2009 23:02:23 -0400

You wrote a security advisory with 11 references which you provided on
the bottom simply to say...

PayPal leaks your e-mail address.

The security industry is not for you, go back to checkers.

On Sat, May 2, 2009 at 3:52 PM, Eitan Caspi <eitancaspi () yahoo com> wrote:
I agree, Frank, and so I wrote "By clicking a recent version (so I
believe, I can't trace and test various versions) of a PayPal Donation
button...".

It doesn't happen in ALL of the donation buttons. I also believe this
happens mostly in button codes created by the PayPal site and less, or
not at all, in donation buttons/forms manually created by the
beneficiary at its own site, and I think the site you linked to is made
just with this kind of manual code.

Eitan

-----Original Message-----
From: Frank Dietrich [mailto:bits_n_bytes () gmx de]
Sent: Saturday, May 02, 2009 8:50 PM
To: full-disclosure () lists grok org uk
Cc: eitancaspi () yahoo com
Subject: Re: [Full-disclosure] PayPal donation form reveals beneficiary's email address

Hi Eitan,

Eitan Caspi <eitancaspi () yahoo com> wrote:
3. At the donation request page you landed at click the donation
button ...
[...]
4. Read the beneficiary's primary email address at the top of the
donation form in PayPal (located in the "h1" section of the HTML
code of the form).

Maybe not true for every PayPal donation form.
If you click on the donate button on the following site
 http://www.art-stream.org/donate.php#donate-now
there is no email address in the page source.
Or I don't get the point.

regards
Frank
--


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

