. I can't anonymously call this time because the technical detail is too high for the receptionist. Is the best bet to send them snail mail or should I just move on and forget about it? It is not an ecommerce site, but they would have enermies who would like to deface their website. It is not a political website - they just do necessary things that the public generally don't like.dislosing a vunerability
4 posts • Page 1 of 1
dislosing a vunerability
by graham_chow on Sat Aug 14, 2010 4:48 pm
([msg=43744]see dislosing a vunerability[/msg])
About a week ago, I rang up a company because their web site had obviously been hacked. I went back yesterday and they had fixed it up. I noticed a few things like directory listing of obviously content that should not be publicly available and then I stumbled upon a hidden "admin logon page". Having just completed realistic 2 and having a user name I could not resist in trying the SQL injection hack. I'm in and it presented me with lots of nice tools to add and remove content to their site . I can't anonymously call this time because the technical detail is too high for the receptionist. Is the best bet to send them snail mail or should I just move on and forget about it? It is not an ecommerce site, but they would have enermies who would like to deface their website. It is not a political website - they just do necessary things that the public generally don't like.
. I can't anonymously call this time because the technical detail is too high for the receptionist. Is the best bet to send them snail mail or should I just move on and forget about it? It is not an ecommerce site, but they would have enermies who would like to deface their website. It is not a political website - they just do necessary things that the public generally don't like.- graham_chow
- New User
- Posts: 2
- Joined: Sat Aug 14, 2010 4:36 pm
- Blog: View Blog (0)
Re: dislosing a vunerability
by Assassian360 on Sat Aug 14, 2010 6:28 pm
([msg=43748]see Re: dislosing a vunerability[/msg])
graham_chow wrote:About a week ago, I rang up a company because their web site had obviously been hacked. I went back yesterday and they had fixed it up. I noticed a few things like directory listing of obviously content that should not be publicly available and then I stumbled upon a hidden "admin logon page". Having just completed realistic 2 and having a user name I could not resist in trying the SQL injection hack. I'm in and it presented me with lots of nice tools to add and remove content to their site
I would suggest trying to send an email first. If they don't respond send another or give them a call.
They'd probably like to know about it.
- Assassian360
- Poster
- Posts: 129
- Joined: Sat Jun 26, 2010 1:37 am
- Blog: View Blog (0)
Re: dislosing a vunerability
by Goatboy on Sat Aug 14, 2010 6:43 pm
([msg=43749]see Re: dislosing a vunerability[/msg])
Anonymous email is the way to go.
Mundus Vult Decipi
-
Goatboy - Expert
- Posts: 2443
- Joined: Mon Jul 07, 2008 9:35 pm
- Blog: View Blog (0)
Re: dislosing a vunerability
by Seraph89 on Sun Aug 22, 2010 11:04 am
([msg=44063]see Re: dislosing a vunerability[/msg])
Anonymous email will be a winner, that way they know and you cant be targeted for illegal activities 
Good job tho.
Good job tho.
- Seraph89
- New User
- Posts: 6
- Joined: Sun Aug 22, 2010 8:36 am
- Blog: View Blog (0)
4 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 0 guests