-5

i'm a student cybercrime.

I've tested sql injection on an indian site that sells properties etc..

I was vunerable so i kept going with testing.

so after half an hour i managed to get all the usersnames and passwords also the admin username and password + adminpage.

What should i do now? just leave it or report it to the organisation?

i'm a bit afraid that they will be angry that i did this you know.

I really want to report it but its just i don't want to get troubles or so

EDIT : i did nothing to the site or database, i just looked in the database

Thanks

Feint
  • 9
  • 2
    If you're a cybercrime student you should be well aware that "just looking" doesn't make it legal. That said, we have already plenty of questions here regarding different ways of disclosure. – Arminius Jun 04 '17 at 22:38
  • 3
    You managed to create an anonymous StackExchange Account so why don't you just create a anonymous email address or something and then tell the company about the vulnerability. Most companys want to know how secure their products are. Some even offer monetary reward for this – BlueWizard Jun 04 '17 at 22:38
  • but please note that this question is off-topic – BlueWizard Jun 04 '17 at 22:39
  • See if they have a responsible disclosure policy. I'm not sure on the law in your country but without prior permission, it is normally illegal to attack a website so they may pursue legal action. I would contact them and ask how to report a security issue, judge their response and take it from there. – iainpb Jun 04 '17 at 22:56

1 Answers1

0

You have accessed a network infrastructure that was not your own and you did so without the written permission of the company/corporation nor that of the ISP. You have committed the felonious act of a gray hat hacker. However, if you are truly concerned for the stability of the company site and infrastructure you could as another user has suggested, create a bogus e-mail and perhaps use the tor browser to communicate your concerns.There are sources out there that demonstrate how to setup your own testing lab(s).

SecurityDoctor
  • 23
  • 6