Found an SQLi vulnerability in a major movie production company, what the hell can I even do with that?
>>58390017
leak info, grab some logins and change their sites; sell the info on the dark web or something
>>58390017
dump admin details and 301 it to goatse.cx
copy all the info you can, change nothing, gradually """leak""" out info to """news""" groups
>>58390017
>tell them
>maybe get appreciation for it
>>58390408
>tfw goatse was deleted from the .cx domain so long ago
>>58390421
>tell them
>get sued
Yeah, nope
>>58390017
try to find a way to get a shell login, try to see what other servers are visible & repeat until you find a server with unreleased movies
>>58390464
>implying
Any not completely retarded company would appreciate it, if you don't make it public instantly
>>58390464
Check if they have a bug bounty program
sneak tranny porn scenes into movies right before they're released to theaters
>>58390496
>film companies
>not completely retarded
>>58390557
You know that they rely on they're reputation, nigger?
>>58390696
>they're reputation
IDIOT
Depends. If the company approved or is okay with this, they should provide some kind of credit or compensation for the vulnerability. Otherwise, they could press charges for unauthorization. For your safety, consider reporting the vulnerability anonymously without providing your information. I've been in a situation where I reported a bug and the company did not authorize it and tried to press charges. The charges were dropped after I told them I would provide a fix for the vulnerability at no charge and did so at the cost of my time and efforts. Be careful.
>>58390718
Your the idiot, because you think that companies are evil.
>>58390765
>Your the idiot
IDIOT
>>58390765
You're *
>>58390908
How do you know this is correct?
Fact is: you don't.
>>58390765
Here's an example for you - A Vulnerability Timeline for an exploit in some PwC software:
19.08.2016 PwC contacted
22.08.2016 Meeting with PwC, informed them about the impact and the details of the vulnerability and responsible disclosure
05.09.2016 Asked PwC about updates and whether a patch is available
13.09.2016 Received a Cease & Desist letter from PwC lawyers
18.11.2016 Informed that 90 days have passed and ESNC is planning to release a security advisory; asked for any details PwC can share about this matter including risk, affected versions, how to obtain a patch
22.11.2016 Received another Cease & Desist letter from PwC lawyers
07.12.2016 Public disclosure
>>58391177
hail PwC
I am only workin' for kpmg though
>>58391177
>>58391199
What do PwC and KPMG have to do with movie production?
>>58391216
Heavily depends on you're mom.
>>58391216
Just an example of the sort of response you'll get if you tell a big corp about a security hole.
>>58391229
>you're mom
IDIOT
>>58391231
Oh yeah.
>>58391231
find directors emails and contact info..
I'll buy a bunch of movie directors' info, OP.
let me know if you find any..
>>58391216
The timeline the guy above you posted was about an SAP auditing tool PwC uses. They load it up at a customer site and it pulls a bunch of data from an SAP system that they use to compare to the financial data the company provides to Wall Street to help locate any discrepancies. So in this case, any publicly-traded company that runs SAP and uses PwC for their auditing firm could be vulnerable to that exploit.
>>58391312
That's huge.
>>58391312
inb4 OP gets suicided by 6 shots to the back of the head while drowned in the toilet while he was taking a piss
>>58391312
it's happening
https://www.youtube.com/watch?v=sEBG3KqxGhw
>>58391536
>2011
Whatever this was, it already happened