You wrote a security advisory with 11 references which you provided on the bottom simply to say...
paypal leaks your e-mail address. The security industry is not for you, go back to checkers. On Sat, May 2, 2009 at 3:52 PM, Eitan Caspi <[email protected]> wrote: > I agree Frank, and so I wrote "By clicking a recent version (so I believe, I > can't trace and test various versions) of a PayPal Donation button...". > > It doesn't happen in ALL of the donation buttons. I also believe this happens > mostly in button codes created by the PayPal site and less or at all in > donation buttons/forms manually created by the beneficiary at its own site, > and I think the site you linked to is made just with this kind of manual code. > > Eitan > > -----Original Message----- > From: Frank Dietrich [mailto:[email protected]] > Sent: Saturday, May 02, 2009 8:50 PM > To: [email protected] > Cc: [email protected] > Subject: Re: [Full-disclosure] PayPal donation form reveals beneficiary's > email address > > Hi Eitan, > > Eitan Caspi <[email protected]> wrote: >>3. At the donation request page you landed at click the donation >>button ... >>[...] >>4. Read the beneficiary's primary email address at the top of the >>donation form in PayPal (located in the "h1" section of the HTML >>code of the form). > > May be not true for every paypal donation form. > If you click on following site on the doante button > http://www.art-stream.org/donate.php#donate-now > there is no email address in the page source. > Or I don't get the point. > > regards > Frank > -- > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
