How to get business: hack some new customers!
Today I was buying some business cards online when I accidentally discovered how to hack the store I was visiting. While placing my order, I put Coeur d'Alene in for my city's name, and when I submitted the form I got this lovely result: www.znatd.com/screenshots/oops_sqlinjection.jpg.
That looks innocent enough if you don't know what it means, but pretty much what it means is I could steal all their data (like, are they storing credit card numbers?), destroy all their data, make a bunch of orders and mark them all paid, change customers named "Robert" to "Assface", etc.
Rather than exploit my new power I chose to be good and send them notification of the issue, tell them how to fix it, and let them know that if they didn't have anyone capable of it I'd gladly fix it for them for a price :-)
Woo!
That looks innocent enough if you don't know what it means, but pretty much what it means is I could steal all their data (like, are they storing credit card numbers?), destroy all their data, make a bunch of orders and mark them all paid, change customers named "Robert" to "Assface", etc.
Rather than exploit my new power I chose to be good and send them notification of the issue, tell them how to fix it, and let them know that if they didn't have anyone capable of it I'd gladly fix it for them for a price :-)
Woo!