19
l0om
8y

I detected a way to bypass login screen in client's website. I warned them. 48h later nothing changed...

Comments
  • 1
    Just thinking out loud. It is a clients website why can't you fix it or did the other you not want to?
  • 1
    @penderis it's a client's website but in a microsite developed by another company. I'm not gonna edit their production code (even if as I suspect, production is the only code available)
  • 0
    Hack them🤗
  • 2
    Exploit the vulnerability and they will hear you for sure!
  • 4
    What I'd do is wait a month. If after that they still haven't fixed it, make a blog post about finding it and warning all current and future developers about avoiding such issue. Then show that to the client and tell them you've already got a couple hundred views on it. If they're ignorant enough to ignore it for so long and they don't find it an issue, make it an issue. I'm not saying you need to write about your client in your blog post, I'm saying you should write about the bypass itself, describing how easy it was to find it and so on. Man, I'd love to write blog posts about finding bugs like that.
  • 2
    90 days after warning, release it into the wild.
Add Comment