60

What is the worst thing that can happen if you report a security vulnerability to a company?
Get banned by them!

I reported a vulnerability​ to a company on their Facebook page(cause they don't have an email id where I can report this) and they just banned me from their page. It's really annoying me now.
And the worst thing is that they have still not fixed the issue, I wonder why the hell they banned me then.
I am planning to exploit the vulnerability and teach them why security is so important now.

Comments
  • 10
    Dont do that imo. U can get arrested...
  • 23
    I once hacked into a websites armin panel and created an account for myself
    I reported the sql bug to them and they fixed it
    There was xss bug inside thr admin panel which i also reported but they didnt fix it
    Now they have changed the website from premade cms to wp
    And i have to access to the website
  • 1
    @sovietspy2 depends on where do you live
    Some country dont have any laws for hacking and some have strict laws
  • 9
    Be careful man cause I try doing that once and they said that they were going to call the cops on me and I was only trying to help. I miss those days where you would hack a company and they would offer you a job, but now it's more like thanks but you are still going to jail.
  • 6
    everyone should start a fucking bug bounty program!
  • 7
    Posting it publicly for all too see doesn't sound like a particularly good way to do it.
  • 17
    First try all available communication to that company. Tell them it is a security problem. Give them a deadline and a way to communicate with them. When the deadline passes make a blogpost explaining the vulnerability and tag them in any way you can. Also explain how they wouldn't respond. The next months of hell are all on them. You did responsible disclosure.
  • 2
    Or just tell somebody else. I'm sure there are plenty of forums in the deep web where you can post things like this
  • 1
  • 2
    Getting arrested is not nearly the worst that can happen.

    There are case of security researchers being arrested and sued for doing responsible disclosure.

    If the company doesn't have a security program or at least a good reputation for handling security issues, all bets are off, you'd better use a middle-man or anonymous ways to disclose the vulnerability.
  • 5
    @Fradow @Charmgoggles I will for sure post the vulnerability anonymously just to piss off the company. BTW I am from India, hackers don't get much respect here.
  • 1
    @Condor I searched for a email id where I could report this but couldn't find it. And when I asked about this on their Facebook page, they told me to report the issue here itself and they will transfer this to their security team (I wonder if they even have any). And it's an e-commerce website they would really get fucked up I post this vulnerability anywhere.
  • 0
    @andros705 I sent a private message on Facebook
  • 1
    *cough* nameandshame *cough cough*
  • 2
    @andros705 I have already planned this. Plus it's an e-commerce website so it will be fun watching them get fucked up.
  • 3
    @mishraanoopam now, let's not get hasty here, does the exploit allow for personal gain?
    😏
  • 0
    these people piss me off!
  • 0
    security through obscurity BS companies
  • 0
    If it's a local company, tell the local newspaper...
  • 0
    Seems like you posted a security vulnerability on a public page.
  • 0
    @amahlaka Not exactly but I'm sure that many people would get interested when they get to know about the issue
  • 0
    Lol... I've got threatened when I did a responsible disclosure. I was told that I would get sued for testing their site without their permission. But that was before I got into Bug Bounty.
Add Comment