There are securities companies who do that sort of thing for a living however.. so, If you want to make a handy buck...
1. Get a business license.
2. Setup a website describing what you do.
3. Get an attorney.
4. Create an e-mail template AND a mailable letter template that sounds very professional.. and here is why...
5. Contact the business owner (NOT THEIR TECH OR WEBMASTER - because they will lie to save their job).
6. Explain clearly the security vulnerabilities found... with note, 'your IT staff should be able to fix this'.
7. If NOT - My company 'your company name' is available for $X to resolve your it problems.
This does in fact work.. I have friends who work for a security company just like the above.. it's where I'm trying to get a job actually, but I have a History Degree... lolz.. wtf is in a degree anyway, I can program better than half the monkeys coming our of RIT