Comments
-
wizzzard8057y Also keep in mind that not all companies/government entities are happy about being informed about weaknesses in their system. It is a sad truth, but sometimes doing companies a favour can come back to bite you in the ass.
-
xsacha4287y I found several major bugs in a large company's website (one you would know), made a one-page report for all of them including risk factors, possibility they are already exploited and how to fix them.
One of the bugs included the ability to get full details for all their users including name, addresses, phone numbers, PayPal emails.
They made a CVE for each exploit with most listed as high or medium risk.
Guess what my thanks was?
They told me thanks for all my work and that they would shout a beer for me next time I'm in (city in USA).
-
Sach171097y Our college contacted the company who developed the website... They fixed some security bugs... We weren't able to access anything after a month.
-
I SQL inject at work when putting in a request for db access is going to take too long... I patch the nasty code afterwards and everybody wins but damn it sucks to see vulnerable code in this day and age.
Related Rants
4 years ago, during our college, a friend of mine was explaining to us about hacking using simple SQL injections. He showed us some of the sites he hacked. Out of curiosity we tried it on the college internal website, and it worked. We had access to all the details of all the students in the university, and even the lecturers' information. We informed the management; they were shocked on seeing this. They had just spent 25 lakhs for this website a couple of months ago.
sql injections