Penetration Testing mailing list archives
Re: Fwd: How to report a Vulnerability to a Company
From: Yousif () vapt-sec com
Date: 25 Feb 2008 02:01:49 -0000
Well, I believe it depends on the specific "incorrect" key the person had entered. I believe you could explain the situation to an IT Staff or a Support team, explaining that you had pressed an incorrect key and the functionality had disposed informational data, in which you took the time to report, for the better of YOU the user, the website, and the overall "what to do, I'm stuck" problem. Also, if this was a legal act that was done by mistake, then even in the servers logs,it should not appear as if illegal requests were being made in connection to that incorrect key, therefore it wouldn't look as harmful as an attack. If done promptly, the logs should show you being the last referring user after the error had displayed. -Yousif Yalda -Security Consultant -Http://Vapt-Sec.Com -Http://YousifYalda.BlogSpot.Com ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Re: Fwd: How to report a Vulnerability to a Company Yousif (Feb 24)