Sell my exploits?

What is right? Is there right? Are you right?

Sell my exploits?

Post by kanzlooz on Sat Mar 28, 2009 6:26 am
([msg=20783]see Sell my exploits?[/msg])

n all my years of surfing on the web I've found a lot of exploits on many different websites.
One of the newest and biggest are websites that use the payment system of Ogone like [removed]. This exploit will allow you to only pay 0.01 euro for each order you do.
This concept can also be used on A LOT of other (dutch) websites like [removed].

I've contact the websites and they all didn't do a thing about it. I described what was wrong and offered my service to come over and tell more about it and discuss a fix. All the websites didn't have any interest.

Now is my (ethical) question: Can I sell my exploits?
kanzlooz
New User
New User
 
Posts: 2
Joined: Sat Mar 28, 2009 5:09 am
Blog: View Blog (0)


Re: Sell my exploits?

Post by godofcereal on Sat Mar 28, 2009 7:10 am
([msg=20787]see Re: Sell my exploits?[/msg])

So far its all just you saying stuff and not proving it.
If you found an exploit in those sites Im sure someone else can find it.
Im off, last year of school and all, I had something longer but char limit fucked that up. So yeah, had a good run here. Thanks for the memories. Thanks to the staff and users.

Best regards, your posting whore,
godofcereal

p.s. Defience, you the man ;)
User avatar
godofcereal
Addict
Addict
 
Posts: 1068
Joined: Wed Aug 20, 2008 6:11 pm
Location: ireland
Blog: View Blog (0)


Re: Sell my exploits?

Post by radicool_systemite on Mon Mar 30, 2009 9:47 am
([msg=20890]see Re: Sell my exploits?[/msg])

I agree with Cereal. Someone else will eventually find the exploits. It's the companies fault for not listening to you.

It's great that you've tried to inform the companies about the exploits, but if they didn't listen to you, then it hardly seems consistent for you to be the one to now go and do (i.e. exploit them) the very thing that you were trying to warn them about earlier.
User avatar
radicool_systemite
Experienced User
Experienced User
 
Posts: 51
Joined: Fri Feb 27, 2009 7:58 am
Blog: View Blog (0)


Re: Sell my exploits?

Post by CyborgPirateNinja on Sun Apr 12, 2009 3:32 pm
([msg=21640]see Re: Sell my exploits?[/msg])

Go visit the compan(y|ies) IRL demonstrate the exploit(s) and say you're still going to release the exploit in a month...
If they didn't fix it... Its their problem...

edit:
Did they even believe you?
I sure as hell won't...
CyborgPirateNinja
New User
New User
 
Posts: 6
Joined: Sun Apr 12, 2009 3:11 pm
Blog: View Blog (0)


Re: Sell my exploits?

Post by Cruentus_Canis on Sun Apr 12, 2009 4:05 pm
([msg=21646]see Re: Sell my exploits?[/msg])

Not that I condone malicious behaviour, but if they are not listening to you, their ignorance will be their downfall. I recommend you just leave it be, and go along your merry way. Someone will find it eventually and the company and the one that exploited the flaw will bring down each other. My final advice is: don't concern your self with them.
Cruentus_Canis
New User
New User
 
Posts: 10
Joined: Sun Apr 12, 2009 10:45 am
Blog: View Blog (0)


Re: Sell my exploits?

Post by eljonto on Mon Apr 13, 2009 12:06 am
([msg=21669]see Re: Sell my exploits?[/msg])

I'm not diminishing your efforts or anything- but have you thought that maybe the company didn't do anything about it because there was no exploit? maybe you were just changing client-side information? Until you actually buy something off their site with your reduced price i don't think that you have reason to inform them about the exploit.
-Quis custodiet ipsos custodes?, Juvenal
_________________________________________________________________
User avatar
eljonto
Poster
Poster
 
Posts: 373
Joined: Thu Apr 17, 2008 1:16 am
Location: Australia
Blog: View Blog (0)


Re: Sell my exploits?

Post by kanzlooz on Sun May 24, 2009 7:42 am
([msg=24285]see Re: Sell my exploits?[/msg])

Thank you all for your responses.

I've opened a website with 1 exploit on it to see how it goes.
Last edited by kanzlooz on Mon May 25, 2009 8:28 am, edited 1 time in total.
kanzlooz
New User
New User
 
Posts: 2
Joined: Sat Mar 28, 2009 5:09 am
Blog: View Blog (0)


Re: Sell my exploits?

Post by fiftysixer on Sun May 24, 2009 11:12 am
([msg=24299]see Re: Sell my exploits?[/msg])

You're not the first one to think of this - you'd be surprised at some of the secret 0-day exploits that are being sold on the underground. By all means, if you've discovered a genuine exploit, do what you want with the info.

One thing though: do NOT post links to 'target' sites.
Image
Big fan of Image
fiftysixer
Experienced User
Experienced User
 
Posts: 88
Joined: Thu Mar 26, 2009 6:50 pm
Blog: View Blog (0)



Return to Ethics

Who is online

Users browsing this forum: No registered users and 0 guests

cron