Acunetix - Web Vulnerability Scanner
[Advertise With HackThisSite.org]

Hack This Site - Forums Index

I found a extremely vulnerable child care site

What is right? Is there right? Are you right?
Post a reply

I found a extremely vulnerable child care site

Post by andrew101010 on Thu Feb 17, 2011 11:29 am
([msg=53708]see I found a extremely vulnerable child care site[/msg])

The website is a non-profit children care site... but it's admin login is extremely vulnerable to simple sql injections. Once someone hacks the admin login, they can access a database of all there clients information. How should I tell the site owners about the danger. I don't want to get arrest, but I also don't want anyone to steal their clients information. Should I alert the site owner? :?:

Sorry if I posted this in the wrong thread.
andrew101010
New User
New User
 
Posts: 2
Joined: Thu Feb 17, 2011 11:18 am
Blog: View Blog (0)

Re: I found a extremely vulnerable child care site

Post by hellow533 on Thu Feb 17, 2011 11:34 am
([msg=53710]see Re: I found a extremely vulnerable child care site[/msg])

What's the sites name? Can you tell us what site this is? Also, somewhere on there should be a contact/contact us button. Try calling them and telling them upfront.
“True hacking is like skydiving, you want to make sure you have arms, because nobody’s going to be there to pull the chute for you.”
User avatar
hellow533
Poster
Poster
 
Posts: 337
Joined: Thu Jan 29, 2009 3:27 pm
Blog: View Blog (0)

Re: I found a extremely vulnerable child care site

Post by andrew101010 on Thu Feb 17, 2011 11:47 am
([msg=53712]see Re: I found a extremely vulnerable child care site[/msg])

I don't want to give out the site name. There is a contact page, but some of the employee's email address are .gov. The site offers child care services and offers advice. It's run by a bunch of kind old ladies.
andrew101010
New User
New User
 
Posts: 2
Joined: Thu Feb 17, 2011 11:18 am
Blog: View Blog (0)

Re: I found a extremely vulnerable child care site

Post by insomaniacal on Thu Feb 17, 2011 4:18 pm
([msg=53723]see Re: I found a extremely vulnerable child care site[/msg])

Use Tor to set up a fake g-mail account for yourself and drop them a line about it.
It's not who votes that counts, it's who counts the votes
insomaniacal.blog.com
User avatar
insomaniacal
Addict
Addict
 
Posts: 1212
Joined: Sun May 24, 2009 10:21 am
Blog: View Blog (0)

Re: I found a extremely vulnerable child care site

Post by Goatboy on Thu Feb 17, 2011 8:28 pm
([msg=53734]see Re: I found a extremely vulnerable child care site[/msg])

insom said it best, although that might be a little overkill. Basically, your best bet is to send an anonymous email and hope they fix it. You don't want to assume that they will be happy, because they might not be. This could land you in some trouble very quickly.
Mundus Vult Decipi
User avatar
Goatboy
Expert
Expert
 
Posts: 2443
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)
Post a reply

Return to Ethics

Who is online

Users browsing this forum: No registered users and 0 guests

Disclaimer :
HackThisSite does not support illegal activities.
The management of this board is not responsible for the content of any external internet sites.
Powered by phpBB © 2000-2009 phpBB Group
Carbon Style By Echo -=Designs By Echo=- © 2007 Echo
Administration Control Panel