mailing list archives
Re: PayPal donation form reveals beneficiary's email address
From: "Eitan Caspi" <eitancaspi () yahoo com>
Date: Sat, 2 May 2009 22:52:21 +0300
I agree Frank, and so I wrote "By clicking a recent version (so I believe, I can't trace and test various versions) of
a PayPal Donation button...".
It doesn't happen in ALL of the donation buttons. I also believe this happens mostly in button codes created by the
PayPal site and less or at all in donation buttons/forms manually created by the beneficiary at its own site, and I
think the site you linked to is made just with this kind of manual code.
From: Frank Dietrich [mailto:bits_n_bytes () gmx de]
Sent: Saturday, May 02, 2009 8:50 PM
To: full-disclosure () lists grok org uk
Cc: eitancaspi () yahoo com
Subject: Re: [Full-disclosure] PayPal donation form reveals beneficiary's email address
Eitan Caspi <eitancaspi () yahoo com> wrote:
3. At the donation request page you landed at click the donation
4. Read the beneficiary's primary email address at the top of the
donation form in PayPal (located in the "h1" section of the HTML
code of the form).
May be not true for every paypal donation form.
If you click on following site on the doante button
there is no email address in the page source.
Or I don't get the point.
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/