Reporting Vulnerabilities To A Webmaster
If you find a vulnerability in a site how exactly do you go about informing them of the problem while letting them know you did NO harm? I found a web site that displays articles like "index.php/v2/news/article.php?article=63", where 63 is the article number. You put:
' OR 1=1–
Where the 63 would be, and it gives you an error message which displays the name of the table and so on. I've gone from there, but have done nothing harmful.
How would I tell them?
inferior wrote: [quote]Demons Halo wrote: [quote]inferior wrote: Or you could just do the easy thing, and just let it be.
pussy style? sounds good to me XD[/quote]
Well you don't want to get into any trouble.[/quote]
actually I like getting into trouble from time to time :P but being supervised for suspicious computer activity is not the thing you want to get into at this point of time. BIG BROTHER IS WATCHING YOU! :|
ooh my… LawlZOr! :xx:
It is totally dependent on the type of site. If it is some guys web-forums then just tell him. If it is a corporation, you could make an anonymous email account and send the info as was previously mentioned, however, I would check it again after a few days to see if you have a response. They may ask you if you have any ideas on how to fix it. Another route is to approach the IT department of the company and talk to them about penetration testing. Do not claim that you did anything, just simply ask them if they have ever had it done and get the information from them…From here you could offer your services…but again you would need to have a good portfolio to be able to approach a larger corporation for penetration testing :)
Hope it all works out for you.