Welcome to HBH! If you have tried to register and didn't get a verification email, please using the following link to resend the verification email.

found a xss flaw in site what do i do now?


ghost's Avatar
0 0

I don’t know what it’s like where you live, but a lot of people have come into trouble by reporting security holes. Haven’t heard anything about xss, but in general it’s not a good idea to report security holes directly to the “source”, simply because, you might get in more trouble by showing yourself. I have a friend that also work with security, and he was hired by a company, which did some work with a rather big bank, and he found a problem which was somewhat big, and involved the bank. And when he told the bank about the problem, they threaten him with a law suit if he told anyone about it. But most of you guys properly already know this. So kids please make sure your housekeeping is up-to-date. ;)

Oh and black hat is the way to go. Why buy a motorcycle if you aren’t gonna break the speed limit…


ghost's Avatar
0 0

Yeah if your going to tell them use a proxy and do it through a fake email. Make sure you can contact them but they cant contact you more then you'd like. Its not nice waking up feeling like you did a right thing and having the cops at your door (been there done that haha).