Viewing 9 posts - 1 through 9 (of 9 total)
Website security flaw

    rocketman
    Free Member

    I’ve discovered a vulnerability on a popular retail website. It allows me to view customer details and order history.

    I’ve contacted the retailers and they’re interested in discussing it further.

    How would you play this? My mercenary nature suggests there is some money to be made here, but on the other hand should I debug their website for free?

    What would you do?

    footflaps
    Full Member

    Help them fix it first, the world will be a better place for it.

    the-muffin-man
    Full Member

    Ransom!

    One squillion pounds and a Caribbean Island.

    😀

    somouk
    Free Member

    I would hope after you’ve highlighted a fault in a particular place that they would have a team looking for it.

    I’m guessing it’s a sql injection or are you just hitting random URLs?
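
    The two flaw classes somouk guesses at, as an added example that is not part of the original thread and has nothing to do with the actual retailer's code: a constructed in-memory order table, an order-lookup function that trusts the order id from the URL without checking who owns it ("hitting random URLs"), one that builds its SQL by string concatenation ("sql injection"), and a hardened version that does both the parameter binding and the ownership check inside the query. All table names, sample rows and function names are assumptions made up for the illustration.

```python
import sqlite3


def build_db():
    # Constructed sample data for the example; not real customers or orders.
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.executescript("""
        CREATE TABLE customers (id INTEGER PRIMARY KEY, email TEXT);
        CREATE TABLE orders (id INTEGER PRIMARY KEY, customer_id INTEGER, item TEXT);
        INSERT INTO customers VALUES (1, 'alice@example.com'), (2, 'bob@example.com');
        INSERT INTO orders VALUES (1001, 1, 'brake pads'), (1002, 2, 'chain');
    """)
    return conn


BASE_QUERY = ("SELECT o.id, o.item, c.email FROM orders o "
              "JOIN customers c ON c.id = o.customer_id ")


def order_history_unchecked(conn, order_id):
    # Vulnerable (insecure direct object reference): the query is parameterised,
    # so no SQL injection, but nothing ties the order to the logged-in customer.
    # Changing ?order=1001 to 1002 in the URL returns Bob's order to Alice.
    row = conn.execute(BASE_QUERY + "WHERE o.id = ?", (order_id,)).fetchone()
    return dict(row) if row else None


def order_history_injectable(conn, order_id):
    # Vulnerable (SQL injection): the raw URL parameter is glued into the SQL text,
    # so "1001 OR 1=1" turns a single-order lookup into a dump of every order.
    sql = BASE_QUERY + "WHERE o.id = " + str(order_id)
    return [dict(r) for r in conn.execute(sql).fetchall()]


def order_history_safe(conn, session_customer_id, order_id):
    # Hardened: the id is validated as an integer, bound as a parameter, and the
    # ownership check is part of the WHERE clause, so a row belonging to another
    # customer simply does not exist from this session's point of view.
    try:
        order_id = int(order_id)
    except (TypeError, ValueError):
        return None
    row = conn.execute(
        BASE_QUERY + "WHERE o.id = ? AND o.customer_id = ?",
        (order_id, session_customer_id),
    ).fetchone()
    return dict(row) if row else None


if __name__ == "__main__":
    db = build_db()
    # Alice (customer 1) asks for Bob's order 1002 through each code path.
    print("unchecked:", order_history_unchecked(db, 1002))
    print("injectable:", order_history_injectable(db, "1001 OR 1=1"))
    print("safe:", order_history_safe(db, 1, 1002))
```

    The hardened function deliberately returns the same "not found" result for a missing order, a malformed id and somebody else's order, so an enumerating client cannot distinguish the three cases.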

    mikewsmith
    Free Member

    Not a popular direct sales mtb component Web site? If so it’s a feature not a bug 😉

    alexxx
    Free Member

    Do it for free – they may offer a reward as a thank you.. if not you’ve got your karma for the day.

    scuttler
    Full Member

    Three things

    1. Get assurances that they won’t treat you as a miscreant as you’ve intentionally or otherwise fiddled with their website.

    2. Get some evidence (screenshots) in case it mysteriously gets fixed and they coincidentally start ignoring you.

    3. Suggest that you’ve done them a huge favour by bringing it to their attention and they should show appreciation. I don’t suspect they’ll have a ‘bug bounty’ programme as a retailer (unless its Amazon) but if nothing comes of it write to the CEO about your efforts and explain that you’re saving him money and hassle in the face of the rising tide of cybercrime that he’ll be well aware of. A proper programme of secure application development, deployment and operation costs a mint.

    rocketman
    Free Member

    One squillion pounds and a Caribbean Island.

    🙂

    1. Get assurances that they won’t treat you as a miscreant as you’ve intentionally or otherwise fiddled with their website.

    2. Get some evidence (screenshots) in case it mysteriously gets fixed and they coincidentally start ignoring you.

    3. Suggest that you’ve done them a huge favour by bringing it to their attention and they should show appreciation.

    Seems very reasonable. Thanks!

    scuttler
    Full Member

    “Back to School” (probably back2skool these days)

    Words that used to fill me full of dread that now fill me full of delight.

    As for the Clarks shoe fit thing, genius and testimony that Clarks themselves can’t stand the scrum, costs and hassle of bricks and mortar.

    Don’t suppose you get a domestic version of the electric foot moulding x-ray machine?
