Inner doubt after SQL Injection and doing what's right...

GNSPS
n00b
Posts: 1
Joined: Wed Jan 12, 2011 9:00 am

Inner doubt after SQL Injection and doing what's right...

Post by GNSPS » Wed Jan 12, 2011 9:21 am

Days ago I discovered an SQL injection in a site providing subtitles.
I had been an active member since 2000 and today the site is the best Portuguese subtitles provider. A couple of years ago it was going down every day with the high flux of connections and sysadmins closed registrations as they didn't have enough money to upgrade the server.

So when I discovered the SQL flaw in the site, which, by the way, made all the password confirmation links and password reset links from the webmaster also get sent to me, I didn't use it for bad; instead I reported the problem, giving proof of the exploit (PM'ing a site admin with one of the redirected emails), and how do they thank me? Deleting my account!!!!!!!!!!

The question is: do you think I should talk to them and try to retrieve my account or should I take measures? :S

Cool_Fire
Not a sandwich
Posts: 1912
Joined: Fri May 09, 2003 1:20 pm
Location: 41 6d 73 74 65 72 64 61 6d

Re: Inner doubt after SQL Injection and doing what's right..

Post by Cool_Fire » Thu Jan 13, 2011 11:22 pm

Unfortunately this is often the case when reporting vulnerabilities.
However, if you haven't used this vulnerability to exploit the website and do anything nasty, there's a fair chance you can just explain the situation and that you're only trying to help. If you just stay polite your chances are the best.

And if you've done nothing bad to them, and they continue being a dick to you, you can always consider being a dick back at some later stage ;)
If we're breaking the rules, then how come you can't catch us? You can't find us? I know why. Cause, it's ... MAGIC!
Hackerthreads chat, where the party is going 24/7.
