How to tell them?

Hey i used to use this site alot then becuse of stuff i had to stop but im slowly coming back but anyways i have a question. My little brother who is not a "hacker" found an expolit of sorts on a site to give a quick description of the problem on this site you dont have a username when you log in just a 5 digit numeric password. (OMG did they thank that was secure?) So he can type in 5 random numbers get on someones account and find out personal info no credit card or anything but im sure with the info given you could use S.E to get it. So he wants to tell the site he found a problem but ive heard stories where some sites dont like when you find stuff like this, becuse the think they have been hacked and want to send you to jail or whatever so what whould be the best way to tell the admin or company that they have a problem?

Well if you can take cc numbers then give me the link, ill warn them for you! :D:D:D:D

OK sure that sounds like a good plan… lol sneaky little devil:evil: thats not really the help i had in mind.:D

There's certain ways to go about doing it, but really it's your own personal decision whether you think you should or should not tell them, but if you think you should tell them, well read mozzer's blog post that he just wrote the other day, so I don't have to rewrite what he said.

URL = http://www.phpgsy.com/2007/06/18/reacting-to-vulnerabilities/#more-59

yep that pretty much clears it out.

Thanks chislam.. how you manage to keep up with my blog in incredible. I released that YESTERDAY!

Thanks for the help that blog told me everything i need to know, so i guess i will leave out the part about using the exploit to get "member only" content from the site:ninja:

mozzer wrote: Thanks chislam.. how you manage to keep up with my blog in incredible. I released that YESTERDAY!

eh, i'm try make time for everything, i had seen the link to your blog post on the thread on eg after watching critical's video, so i quickly read it

Hm, that's exactly how i go about informing people of holes.

But, this should be taken and applied to everyday life as well. You'll get further and be treated with more respect if you are articulate and respectful of the other person(s).

Its true isn't it. Its the whole "I'll scratch yours" principle