
[Closed] Website security flaw

8 Posts
7 Users
0 Reactions
64 Views
Posts: 0
Free Member
Topic starter
 

I've discovered a vulnerability on a popular retail website. It allows me to view customer details and order history.

I've contacted the retailers and they're interested in discussing it further.

How would you play this? My mercenary nature suggests there is some money to be made here, but on the other hand, should I debug their website for free?

What would you do?


 
Posted : 24/08/2016 10:20 am
Posts: 13594
Free Member
 

Help them fix it first, the world will be a better place for it.


 
Posted : 24/08/2016 10:22 am
Posts: 13617
Full Member
 

Ransom!

One squillion pounds and a Caribbean Island.

😀


 
Posted : 24/08/2016 10:28 am
Posts: 0
Free Member
 

I would hope after you've highlighted a fault in a particular place that they would have a team looking for it.

I'm guessing it's a SQL injection, or are you just hitting random URLs?


 
Posted : 24/08/2016 10:33 am
Posts: 17
Free Member
 

Not a popular direct-sales MTB component website? If so, it's a feature, not a bug 😉


 
Posted : 24/08/2016 10:35 am
Posts: 76
Free Member
 

Do it for free. They may offer a reward as a thank you; if not, you've got your karma for the day.


 
Posted : 24/08/2016 10:36 am
Posts: 6874
Full Member
 

Three things

1. Get assurances that they won't treat you as a miscreant as you've intentionally or otherwise fiddled with their website.

2. Get some evidence (screenshots) in case it mysteriously gets fixed and they coincidentally start ignoring you.

3. Suggest that you've done them a huge favour by bringing it to their attention and they should show appreciation. I don't suspect they'll have a 'bug bounty' programme as a retailer (unless it's Amazon), but if nothing comes of it, write to the CEO about your efforts and explain that you're saving him money and hassle in the face of the rising tide of cybercrime that he'll be well aware of. A proper programme of secure application development, deployment and operation costs a mint.


 
Posted : 24/08/2016 10:36 am
Posts: 0
Free Member
Topic starter
 

One squillion pounds and a Caribbean Island.
🙂

1. Get assurances that they won't treat you as a miscreant as you've intentionally or otherwise fiddled with their website.

2. Get some evidence (screenshots) in case it mysteriously gets fixed and they coincidentally start ignoring you.

3. Suggest that you've done them a huge favour by bringing it to their attention and they should show appreciation.

Seems very reasonable. Thanks!


 
Posted : 24/08/2016 10:46 am
Posts: 6874
Full Member
 

"Back to School" (probably back2skool these days)

Words that used to fill me full of dread that now fill me full of delight.

As for the Clarks shoe fit thing, genius and testimony that Clarks themselves can't stand the scrum, costs and hassle of bricks and mortar.

Don't suppose you get a domestic version of the electric foot moulding x-ray machine?


 
Posted : 24/08/2016 10:48 am