If you find a vulnerability in a site, how exactly do you go about informing them of the problem while letting them know you did NO harm? I found a web site that displays articles like "index.php/v2/news/article.php?article=63", where 63 is the article number. You put:
' OR 1=1--
where the 63 would be, and it gives you an error message which displays the name of the table and so on. I've gone from there, but have done nothing harmful.
How would I tell them?
RE: Reporting Vulnerabilities To A Webmaster
Posted on 21-04-09 11:05
Or you could just do the easy thing, and just let it be.
It is totally dependent on the type of site. If it is some guy's web forums, then just tell him. If it is a corporation, you could make an anonymous email account and send the info as was previously mentioned; however, I would check it again after a few days to see if you have a response. They may ask you if you have any ideas on how to fix it. Another route is to approach the IT department of the company and talk to them about penetration testing. Do not claim that you did anything, just simply ask them if they have ever had it done and get the information from them... From here you could offer your services... but again you would need to have a good portfolio to be able to approach a larger corporation for penetration testing.