Oh, the stupidity
ZiNgA BuRgA
Post: #23
RE: Oh, the stupidity
(10-27-2010 02:45 AM)MattR Wrote:  contacting them directly would require no extra effort
It DOES require extra effort.
That's the problem you don't understand.

It doesn't just take "30 seconds more".  But regardless, if it takes me 30 seconds to find an exploit, I'm effectively wasting twice the amount of time for absolutely no personal gain.  I'm sorry, as I said, I'm not altruistic, and unless I get something out of this exercise, I'm not doing it.  If it's to the detriment of others, so be it.

Perhaps if they're regular visitors to this forum, maybe I'll PM them.  But as most probably only go to the MyBB Community or even their own site, and I've stated that I do not wish to involve myself in the community, I am NOT going to the effort of going over to other sites and reporting stuff.

(10-27-2010 02:45 AM)MattR Wrote:  Just because some people don't listen doesn't mean everybody'll be like that; some people will really appreciate it and act on it straight away.
Unfortunately I can't see any evidence of such a statement.


I really can't see how many of these are even good at being obscurely hidden.  I mean, if you see something like:

PHP Code:
mysql_query("select * from users where user='$_GET[user]' AND password='$_GET[password]'");

and neither of the variables have been sanitised in any way, I think anyone with some PHP knowledge can easily see an exploit there.
If it's some complicated exploit path, then maybe I'll consider reporting it privately, but stuff like the above, I really don't think the author has much of an excuse other than a gross oversight or just pure incompetence.


But thanks for your opinions either way, everyone who replied :P
It was just a random thought.  I never said I'd do it, but maybe I will.


(This post was last modified: 10-27-2010 09:27 AM by ZiNgA BuRgA.)
10-27-2010 09:09 AM
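
The query pattern quoted in the post above, next to a parameterized form, as an added example that is not part of the original post or of any plugin discussed in the thread. The in-memory SQLite table, the sample user and the function names are constructed for illustration, and it assumes the pdo_sqlite extension is available.

```php
<?php
// Constructed sample data: an in-memory SQLite table standing in for the
// "users" table in the post (assumption: pdo_sqlite is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user TEXT PRIMARY KEY, password_hash TEXT NOT NULL)');
$ins = $db->prepare('INSERT INTO users (user, password_hash) VALUES (?, ?)');
$ins->execute(["o'brien", password_hash('correct horse', PASSWORD_DEFAULT)]);

// The pattern from the post: a request value pasted into the SQL text.
// Hypothetical helper, kept only to show that the input becomes part of
// the statement instead of staying data.
function lookup_concatenated(PDO $db, string $user): bool
{
    try {
        $row = $db->query("SELECT password_hash FROM users WHERE user='$user'")->fetch();
        return $row !== false;
    } catch (PDOException $e) {
        // A quote in a perfectly legitimate name already breaks the statement.
        echo "concatenated query failed: ", $e->getMessage(), "\n";
        return false;
    }
}

// Hardened form: the SQL text is fixed, the value travels as a bound
// parameter, and the password is verified against a stored hash in PHP
// rather than compared inside the WHERE clause.
function login_prepared(PDO $db, string $user, string $password): bool
{
    $stmt = $db->prepare('SELECT password_hash FROM users WHERE user = :user');
    $stmt->execute([':user' => $user]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

var_dump(lookup_concatenated($db, "o'brien"));
var_dump(login_prepared($db, "o'brien", 'correct horse'));
var_dump(login_prepared($db, "o'brien", 'wrong'));
```

The `mysql_*` functions used in the quoted snippet were removed in PHP 7; PDO or mysqli with bound parameters is the replacement, and credentials belong in a POST body rather than in `$_GET`.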