Disclosing A Known Vunerability - My Dilemma

[WickedAlibi]

I was recently staying at a well known chain of hotels for work experience. After I arrived, I discovered that the high speed internet access that was being offered was being charged at $20 a day, which I thought was quite ridiculous. When I got to my room, I had a play around with the wireless in the room I discovered that it was vulnerable to a simple SQL Injection.

My question is, should I let the company know about the simple, yet effective way of circumventing their charge for internet access. On one hand, it is a ludicrous sum that they are asking; however on the other, it is still a service that they are providing and thus they set the prices.

If I do decide to disclose, I was thinking a simple anonymous email to tip them off. What do all you guys think?

[Goatboy]

Reasons to disclose: It is a service they are selling to make a profit, and it is their right to make that profit. By disclosing the vulnerability, you are helping them stay in business.

Reasons not to disclose: As you said, it is a somewhat high price to pay for Internet. If you believe information should be free, keep this to yourself or tell others how to benefit from it.

[bandchicky314]

This is a very interesting topic. It's similar to people taking the law into their own hands and doing what they believe is right vs what is moral and legal. These types of things have intrigued me. Anyways, would you get in trouble for disclosing a vulnerability? If you know about it, it means you were poking around.