SQL Injection IRL

SQLi 1

Mechanon
10 years ago | edited 10 years ago

0

A quick question to the peers of this site. If a USA based forum had an Injection vulnerability, how to cover tracks (does the server track IP address of the attack even though I’m using a VPN) and or how harsh is the punishment for doing such things even if I don’t disturb anything?

I understand that an analogy has been in place for hacking with my question:
Will you break into someone’s home but leave not a trace? Of course you wouldn’t. But a website is a public place….

TIA!

PS: I plan on telling them.

7 replies
7 voices
314 views
Abhi
10 years ago

0

@Mechanon, I don’t have much idea about all this, but if you haven’t disturbed anything then don’t worry much!! If you want, you can send an email telling them about the security flaw. You may even be rewarded for this… though not sure about this.
So, just tell them the flaw and don’t worry much about it!!
That’s what I think.

Mechanon
10 years ago

0

ABHI, That was my intention. However, if something triggered the server of malicious code I didn’t want to be punished; especially with my good intent.

Hackay
10 years ago | edited 10 years ago

0

You know, that’s a White Hat’s job.

Be polite.
Show you didn’t touch anything.
Point out the problem and advise something to correct it maybe.

I think this could be a good step and they will be grateful (I hope at least).

Wibben
10 years ago

1

If you’re really paranoid about being punished unjustly, make a fake email at a library or internet cafe and send an email from there. And if they are grateful towards you, you can explain your paranoia and direct them to your real email or sth

mcshiz
10 years ago

0

A company may punish you even with your good intent because it makes the customer security look flawed and will lead to a lot of bad publicity about the company, so you will either be hired or fined (possibly worse).

[deleted user]
10 years ago

1

I also would advise against any attack without prior written consent.
Your intentions may be good, but some admins just don’t see it that way. There have been many more hackers get into trouble than gain recognition and/or employment by following this path.

SFisher
10 years ago | edited 10 years ago

1

True.
If I get in my house and there’s a guy sitting on my couch, unarmed, everything being right in the house (no destroyed/moved objects, no signs of damage in the entrance points, etc), (provided that I’m not expecting such a meeting) if the guy calmly tells me that I left my window open, I won’t just say thanks; I’ll beat the fuck out of him, then say thanks, close the window, write an AAR (in order to get to know why I left the window open in the first place, and prevent similar events from happening again, etc) and call the police or an ambulance.

PS. But if it’s a very large firm, they should be investing in good proactive security. So maybe I’d send them a semi-public tipoff so they get everything in place.
It sucks when you think you’re doing someone a favour and you get hit in the face, but it happens.
