Days ago I discovered an SQL injection in a site providing subtitles.
I had been an active member since 2000 and today the site is the best Portuguese subtitles provider. A couple of years ago it was going down every day with the high flux of connections and the sysadmins closed registrations as they didn't have enough money to upgrade the server.
So when I discovered the SQL flaw in the site, which by the way made all the password confirmation links and password reset links from the webmaster also get sent to me, I didn't use it for bad; instead I reported the problem, giving proof of the exploit (PM'ing a site admin with one of the redirected emails), and how do they thank me? Deleting my account!!!!!!!!!!
The question is: do you think I should talk to them and try to retrieve my account or should I take measures? :S
Inner doubt after SQL Injection and doing what's right...
-
- n00b
- Posts: 1
- Joined: Wed Jan 12, 2011 9:00 am
- Cool_Fire
- Not a sandwich
- Posts: 1912
- Joined: Fri May 09, 2003 1:20 pm
- Location: 41 6d 73 74 65 72 64 61 6d
- Contact:
Re: Inner doubt after SQL Injection and doing what's right..
Unfortunately this is often the case when reporting vulnerabilities.
However if you haven't used this vulnerability to exploit the website and do anything nasty, there's a fair chance you can just explain the situation and that you're only trying to help. If you just stay polite your chances are the best.
And if you've done nothing bad to them, and they continue being a dick to you, you can always consider being a dick back at some later stage ;)
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.