Bitcoin Forum
Author Topic: --  (Read 1090 times)
hacker1001101001
June 20, 2020, 12:16:51 PM
 #21

OP should have at least notified OgNasty before injecting any scripts.

Is that an objective standard?  A hacker's opinion?  Or maybe just mutual respect and consideration? 

Nothing of that sort, it's just called ethics.
Harlot
June 20, 2020, 05:24:05 PM
Merited by OgNasty (1)
 #22

The requested person was informed before disclosing it here.

That's not responsible disclosure.

How much time did you give him to fix any vulnerabilities before publicly disclosing them?



OP should have at least notified OgNasty before injecting any scripts.

Is that an objective standard?  A hacker's opinion?  Or maybe just mutual respect and consideration? 

OP could have done damage if he wanted - or sold the info.  He did the moral thing, and there is nothing illegal about it.

Without the approval of the owner of the site and the hoster, it definitely is illegal. Depending on the country, maybe "just" a gray area.
You can't just start doing pentests on any website/service you encounter.

bob123 is right on this one. OP, just by trying to alter anything on NastyFans' website without any kind of permission from the owner, can be considered to be hacking in itself. It doesn't matter if OP has good intentions or not; someone else's property (the NastyFans website) was altered/tested by someone who doesn't have any kind of permission to do so. Posting this earlier without any kind of reply back from either OgNasty or nonnakip is also a bad move on his part; frankly, the OP didn't show any kind of good intention by posting this right away.
Vod
June 21, 2020, 12:20:09 AM
 #23

You can't just start doing pentests on any website/service you encounter.

Of course you can.  Justice takes "intent" into account. It's not against the law to break into a house unless you intend to do something illegal.

If he doesn't want visitors to his website, he should take it offline. 

I post for interest - not signature spam.
https://elon.report - new BPI Reports!
https://vod.fan - fast/free image sharing - coming Nov
Steamtyme
June 21, 2020, 01:21:15 PM
 #24

It's not against the law to break into a house unless you intend to do something illegal.
That's absurd. The law is literally "Breaking and Entering" which would be broken as they did so with the intent to commit an offence. Trespassing would fit this as well, if we want to use silly comparisons for this matter. Wouldn't it have made more sense to look at Computer Crime Laws to attempt to defend OP?

I read this a few days ago, and my first thought was that this probably should have been posted well after contacting OG about it. Maybe even posting in conjunction. Should have probably stated you were going to perform a test before going ahead and doing so. I don't know shit about website design and security so I can't speak to much else here apart from general courtesies and socially acceptable practices.


Vod
June 21, 2020, 02:56:49 PM
 #25

It's not against the law to break into a house unless you intend to do something illegal.
That's absurd. The law is literally "Breaking and Entering" which would be broken as they did so with the intent to commit an offence.

Your legal system would be a mess.  "I didn't B&E, the window was left open!"  :)

I'll give you some examples:
- enter a house for protection/shelter/aid or other emergency - not a crime
- enter a house you thought was abandoned to smoke weed - trespassing
- go into an understaffed hospital ward to gather supplies - B&E

The "break" is not literal.   




khaled0111
June 21, 2020, 03:25:32 PM
Merited by OgNasty (1)
 #26

@Vod, I don't get your logic here.
What could be the intent behind pentesting and scanning a website without the consent of its owner?
And why did he disclose the vulnerability publicly before it got patched?
Maybe OP's intentions are good, but by doing this, isn't he just making things easier for hackers?

OgNasty
June 21, 2020, 07:04:25 PM
Last edit: June 23, 2020, 12:41:38 AM by OgNasty
 #27

The Minted Seat Analyzer is a 3rd party site run by naypalm. This was a poor extortion attempt targeting the wrong person.

Vod
June 21, 2020, 11:00:52 PM
Last edit: June 22, 2020, 12:03:35 AM by Vod
 #28

This is a 3rd party site run by naypalm and has no functionality nor is it on the NastyFans server. It’s been broken for a long time. Maybe this will motivate naypalm to fix it. Nobody should be concerned by this. Just an idiot wasting his time and money on a poor attempt to extort me. The NastyFans server isn’t vulnerable.

Bottom line. No damage was done. This isn’t even the NastyFans server. This was a poor extortion attempt. The owner was not properly contacted before this was disclosed. This was very clearly a nefarious act, and a piss poor one at that.

No one extorted you, you idiot.    ::)

Edit:  Actually, I don't know that. OG - who contacted you about this and demanded money to not post it? Post their PMs and support your claim of extortion.   What I see is a new hacker trying to prove himself, and doing the right thing by not exploiting what he found.  I know nothing of him, but if I were in his shoes, I wouldn't respect a person who doesn't respect others. 

Warning to future ethical hackers:   Do not contact OG about vulnerabilities - he will accuse you of a crime.   


nonnakip
June 22, 2020, 08:44:21 AM
Merited by OgNasty (20)
 #29

I just want to bring attention to that website https://nastyfans.org/ and https://analyzer.nastyfans.org/ are leaking security information and are vulnerable to script injection.

Leaking security information? Your plain text connection performs the leaking, not the server. If nastyfans members always go to nastyfans.org to sign in then they will use TLS and the credentials will be secure.

I maintain nastyfans.org and have responsibility for the security on it.

analyzer.nastyfans.org is a different server and is maintained by naypalm. Users must always be careful of phishing attacks. This is not the first time his server has vulnerabilities. Perhaps it is unwise to allow analyzer.nastyfans.org to point to naypalm's server. Users can be misled into thinking it is the nastyfans server.
bob123
June 22, 2020, 10:17:08 AM
Merited by OgNasty (1), Foxpup (1)
 #30

What I see is a new hacker trying to prove himself, and doing the right thing by not exploiting what he found.

He did exploit the vulnerability by creating the PoC popup.
There is not much more you can do with a reflected XSS on such a site. That's basically it.


Warning to future ethical hackers:   Do not contact OG about vulnerabilities - he will accuse you of a crime.   

An ethical hacker would not start to pentest a site/server without the permission of the owner and hoster.
It's more of a script kiddy move. And a pretty dumb one.

Boris007 (OP)
June 22, 2020, 10:29:57 AM
 #31

There is not much more you can do with a reflected XSS on such a site. That's basically it.
Well, we can. It depends.
How about transferring to p*rnhub.com or to your bitcointalk.org profile page instead of popup??

TECSHARE
June 22, 2020, 04:07:32 PM
Merited by OgNasty (1)
 #32

These attacks on OGNasty are getting increasingly desperate. As others have pointed out, it is well established in the hacking community (white and grey hat) that you first notify the owners of a site/code before making a public release. This was unethical, and IMO intended as an attack against OGNasty.
Boris007 (OP)
June 22, 2020, 04:18:20 PM
 #33

These attacks on OGNasty are getting increasingly desperate. As others have pointed out, it is well established in the hacking community (white and grey hat) that you first notify the owners of a site/code before making a public release. This was unethical, and IMO intended as an attack against OGNasty.
I have no intention to attack someone personally.

OgNasty
June 22, 2020, 04:40:18 PM
 #34

An ethical hacker would not start to pentest a site/server without the permission of the owner and hoster.
It's more of a script kiddy move. And a pretty dumb one.

Yes, a script kiddy move to do it, and an attention whore move to try and publicize it as anything else. People should also take note of the merit sources who merited the behavior as they clearly showed bad judgement in doing so.

Vod
June 22, 2020, 06:43:45 PM
 #35

An ethical hacker would not start to pentest a site/server without the permission of the owner and hoster.
It's more of a script kiddy move. And a pretty dumb one.

Yes, a script kiddy move to do it, and an attention whore move to try and publicize it as anything else. People should also take note of the merit sources who merited the behavior as they clearly showed bad judgement in doing so.

So, who extorted you, you liar?   ::)

And what happened to the 2,600 BTC you owed your depositors when you collapsed your ponzi?

Stop playing the victim. 

Steamtyme
June 22, 2020, 07:07:44 PM
Merited by dragonvslinux (1)
 #36

People should also take note of the merit sources who merited the behavior as they clearly showed bad judgement in doing so.
Not really. It's a well laid out and written OP. The subject was thorough and complete. These are the types of things that will get a post merited regardless of someone agreeing with or disagreeing with the idea.

Now if they are adding them to trust lists then that's where you would start to question someone's judgment.


ChuckBuck
June 22, 2020, 08:07:49 PM
 #37

It's all explained in great detail here.

That's a decent explanation but I prefer this one. You have to listen to at least 40 seconds of it to get its full implication.

Not only for 40 seconds, I had difficulty hearing. I mean I can write, but my listening skills are very bad, because I rarely communicate with people through this language; listening to a song is really harder than normal communication. I had to listen to it so many times ::) But anyway, I like the way you guys put a song here :D

I'll give you some examples:
- enter a house for protection/shelter/aid or other emergency - not a crime
- enter a house you thought was abandoned to smoke weed - trespassing
- go into an understaffed hospital ward to gather supplies - B&E

The "break" is not literal.   
I will call it "dodge the law" :D Here, we jokingly call that learning to dodge the law :D The law always has a loophole; if you understand it well, you can take advantage of it :D

dragonvslinux
June 22, 2020, 11:51:07 PM
 #38

This is a 3rd party site run by naypalm and has no functionality nor is it on the NastyFans server. It’s been broken for a long time. Maybe this will motivate naypalm to fix it. Nobody should be concerned by this. Just an idiot wasting his time and money on a poor attempt to extort me. The NastyFans server isn’t vulnerable.

Bottom line. No damage was done. This isn’t even the NastyFans server. This was a poor extortion attempt. The owner was not properly contacted before this was disclosed. This was very clearly a nefarious act, and a piss poor one at that.

By the sound of it, either the user contacted you to disclose the vulnerability which you ignored as insignificant (I'll take your word for it) and this is what you considered extortion, or they didn't contact you in advance in an attempt to notify the owner and therefore there was no extortion. I'm a bit confused as to what actually occurred here, as many are claiming that they didn't attempt to notify the owner, whereas you appear to be claiming otherwise. You surely can't extort someone if you've already publicly published the findings.

OP, Boris007: did you contact OG before posting this, in an attempt to notify the owner? If this was the case, and Og ignored it, then they had the right to publish their findings. If the server isn't vulnerable anyway, there is no offence in the actions of the OP.  It's not breaking & entering if the house is already broken and the doors wide open :P

The "break" is not literal.  

This is true:

Burglary, also called breaking and entering and sometimes housebreaking, is illegally entering a building or other areas to do something illegal there.

Therefore there would be no damage caused in entry and nothing to steal or break, so just a bit of civil trespassing?
If this site was functional and there was vulnerability to user info, this would be a different story.



Edit: Just noticed the OP claiming:

The requested person was informed before disclosing it here.

End of story.
OgNasty
June 23, 2020, 12:37:38 AM
 #39

I am not the owner of the server. This doesn’t affect the NastyFans server. It affects the Uberbills server operated by naypalm and I don’t believe contact was properly made with him prior to any disclosure.

hacker1001101001
June 23, 2020, 02:05:42 AM
 #40

Edit: Just noticed the OP claiming:

The requested person was informed before disclosing it here.

End of story.

Not yet!

Who was the person OP contacted? Did he even know the current owner of the website he is testing on and his contact info? What is the use of making the vulnerability public?

I don't think anyone/owner of any website would just avoid acting on the vulnerability when reported. It's even unacceptable that someone refused to act on it once informed.