Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: PayPal donation form reveals beneficiary's email address
From: "Eitan Caspi" <eitancaspi () yahoo com>
Date: Sat, 2 May 2009 22:52:21 +0300

I agree Frank, and so I wrote "By clicking a recent version (so I believe, I can't trace and test various versions) of 
a PayPal Donation button...".

It doesn't happen in ALL of the donation buttons. I also believe this happens mostly in button codes created by the 
PayPal site and less or at all in donation buttons/forms manually created by the beneficiary at its own site, and I 
think the site you linked to is made just with this kind of manual code.


-----Original Message-----
From: Frank Dietrich [mailto:bits_n_bytes () gmx de] 
Sent: Saturday, May 02, 2009 8:50 PM
To: full-disclosure () lists grok org uk
Cc: eitancaspi () yahoo com
Subject: Re: [Full-disclosure] PayPal donation form reveals beneficiary's email address

Hi Eitan,

Eitan Caspi <eitancaspi () yahoo com> wrote:
3. At the donation request page you landed at  click the donation
button ...
4. Read the beneficiary's primary email address at the top of the
donation form in PayPal (located in the "h1" section of the HTML
code of the form).

May be not true for every paypal donation form.
If you click on following site on the doante button
there is no email address in the page source.
Or I don't get the point.


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]