16

An enormous government project that leaves the tax office's database along with all backups exposed to SQL injection.

I know for a fact that the tax office database in at least one country only got a cold backup a few years ago, so it's more likely than you think.

Although around that time someone hacked the public transport company and bought a 12 month ticket for free as PoC and he got jail for it so the risk is quite high.

Comments
  • 6
    They bought a 12 month ticket for free for ... themself?

    How dumb is that?

    "Let's see here I'll do this illegal thing and copy and paste my name in right here ... it's the PERFECT CRIME!!!!"
  • 1
    @N00bPancakes They bought a ticket for themselves and then wrote a letter to cuatomer service about how there's a vulnerability, attaching the receipt as proof. Exactly the way PoCs are supposed to be done.
  • 1
    @homo-lorens eh, duno about the actually buying it for yourself part.

    I wouldn't prosecute them, but not sure I'd actually take action on the vulnerability with my own name in production on someone else's system first.
  • 1
    @N00bPancakes It was a public service. One would expect publicly owned service providers to be less hostile than private entities.
  • 1
    @homo-lorens

    I would hope so.

    Still wouldn't buy something for myself via those means.
Add Comment