Recently received a phishing email that takes you to a site pretending to be Gmail account validation. Long story short, they dont validate input and I can see that SQL injection is possible. I have already contacted abuse contacts for both their host and the ISP (from whence the phishing email came-- cogenco).
Im wondering whether it is legal / in line with the HTS.org ToS to post the link here so that people may go to town and / or assist me in dropping the database so that noone's credentials are leaked, or alternatively flooding the database with so much junk that it is worthless.
Im most of the way there, but hitting some snags because of my limited mySQL syntax knowledge.
Please let me know, thanks!