Epic Fail with Evernote Newsletters
I noticed this post and also remembered one epic file in mailings, this time from Evernote. Each newsletter has a link to “Reject this newsletter”.
Excellent function, you can not argue. This link just looks like this:
lists.evernote.com/link.php?M=93041770&N=1408&L=7&F=H
And what is surprising and terrible is that the “M” field is a user ID and by clicking on this link we will receive a page like “Do you really want to unsubscribe?”, Which will show the real mail of this user. There are no keys, hashsum or anything else in the link no. As a result, by changing the number in the “M” field, we can easily proceed from zero to “as much as possible” and get the mailing address database of Evernote users. This is such confidentiality.
Excellent function, you can not argue. This link just looks like this:
lists.evernote.com/link.php?M=93041770&N=1408&L=7&F=H
And what is surprising and terrible is that the “M” field is a user ID and by clicking on this link we will receive a page like “Do you really want to unsubscribe?”, Which will show the real mail of this user. There are no keys, hashsum or anything else in the link no. As a result, by changing the number in the “M” field, we can easily proceed from zero to “as much as possible” and get the mailing address database of Evernote users. This is such confidentiality.
')
Source: https://habr.com/ru/post/142135/
All Articles