PayPal : User Credit Card Information Disclosure
Okay... So, here is another one old & duplicate bug from PayPall, which I reported looooong back.
I have found some strange results of api-3t.sandbox.paypal.com. This sub domain is storing all credit card information of paypal user in URL. Below is the google dork for finding such “stored” CC details.
Google Dork: site:sandbox.paypal.com inurl:CVV2=
Google results are not much, nearly 80, but still harmful as sensitive user information is getting leaked.