Re: Fwd: How to report a Vulnerability to a Company

[Yousif () vapt-sec com]

Well, I believe it depends on the specific "incorrect" key the person had entered. I believe you could explain the 
situation to an IT Staff or a Support team, explaining that you had pressed an incorrect key and the functionality had 
disposed informational data, in which you took the time to report, for the better of YOU the user, the website, and the 
overall "what to do, I'm stuck" problem. Also, if this was a legal act that was done by mistake, then even in the 
servers logs,it should not appear as if illegal requests were being made in connection to that incorrect key, therefore 
it wouldn't look as harmful as an attack. If done promptly, the logs should show you being the last referring user 
after the error had displayed. 

-Yousif Yalda
-Security Consultant
-Http://Vapt-Sec.Com
-Http://YousifYalda.BlogSpot.Com

------------------------------------------------------------------------
This list is sponsored by: Cenzic

Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!

http://www.cenzic.com/downloads
------------------------------------------------------------------------