

Hacking the OnePlus reservation list - ssesha
https://twitter.com/seshaSendhil/status/625661217957216256

======
ssesha
Referral email addresses not verified, no rate limits or CAPTCHA. Worst part
is I see my email address and IP in the response.

success_jsonpCallback({ "ret": 0, "errMsg": null, "data": { "email":
"myactualemail[at]gmail.com", "parent": "", "kid": "HZ5XQT", "rank": 1,
"ref_count": 10231, "credits": 10231, "ip": "myactualip", "referer": "",
"create_at": "1437932791", "total": "269988" } })

Should be trivial to get so many valid email addresses from the many such
referral links shared on Twitter and Facebook.
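
The three gaps named in the comment above, as an added server-side sketch that is not part of the original post or OnePlus code: it allow-lists the response fields so `email` and `ip` never leave the server, counts credits only for verified referrals, and rate-limits lookups per client. Field names mirror the quoted response; the function names, the `verified` flag and the limits are assumptions.

```javascript
// Fields a referral-status response may expose; "email", "ip", "referer" are left out.
const PUBLIC_FIELDS = ["kid", "rank", "ref_count", "credits", "total"];

// Copy only allow-listed fields, so new columns on the record never leak by default.
function publicReferralView(record) {
  const out = {};
  for (const f of PUBLIC_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(record, f)) out[f] = record[f];
  }
  return out;
}

// Credit only referrals whose address completed a verification step (assumed flag).
function verifiedCredits(referrals) {
  return referrals.filter((r) => r.verified === true).length;
}

// Fixed-window rate limiter keyed by client, e.g. source IP.
function makeRateLimiter(limit, windowMs) {
  const hits = new Map(); // key -> { start, count }
  return function allow(key, now) {
    const h = hits.get(key);
    if (!h || now - h.start >= windowMs) {
      hits.set(key, { start: now, count: 1 });
      return true;
    }
    h.count += 1;
    return h.count <= limit;
  };
}

// Build the response body; a throttled client gets no data at all.
function handleStatus(record, referrals, clientKey, now, allow) {
  if (!allow(clientKey, now)) {
    return { status: 429, body: { ret: 1, errMsg: "rate limited", data: null } };
  }
  const data = publicReferralView(record);
  data.credits = verifiedCredits(referrals);
  return { status: 200, body: { ret: 0, errMsg: null, data } };
}

// Constructed sample data shaped like the quoted response.
const sampleRecord = { email: "user@example.com", parent: "", kid: "HZ5XQT",
  rank: 1, ref_count: 3, credits: 3, ip: "203.0.113.7", referer: "",
  create_at: "1437932791", total: "269988" };
const sampleReferrals = [{ verified: true }, { verified: false }, { verified: true }];
```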

