• FreeAdvice has a new Terms of Service and Privacy Policy, effective May 25, 2018.
    By continuing to use this site, you are consenting to our Terms of Service and use of cookies.

SQL injection

Accident - Bankruptcy - Criminal Law / DUI - Business - Consumer - Employment - Family - Immigration - Real Estate - Tax - Traffic - Wills   Please click a topic or scroll down for more.

M

mingL

Junior Member
Let's assume that I coincidentally found a website which has a high SQL injection vulnerability.
I know that it is in general illegal to attack a website with SQL injections, but if i tried it out and after that informed the website management about that weak spot, would it then be legal, as i help them to find an error - I would of course not delete or modify any data , but just try to read the database - ? ... :confused:
Thank you - mingL
 


FlyingRon

FlyingRon

Senior Member
Wrong, is wrong. If you must do something, find the site admin and warn them. Other than that, hacking will likely get you in trouble no matter what you CLAIM your motivations are.

Of course, you could just change your name to Robert'; DROP TABLE Students; --
 
quincy

quincy

Senior Member
mingL said:
Let's assume that I coincidentally found a website which has a high SQL injection vulnerability.
I know that it is in general illegal to attack a website with SQL injections, but if i tried it out and after that informed the website management about that weak spot, would it then be legal, as i help them to find an error - I would of course not delete or modify any data , but just try to read the database - ? ... :confused:
Thank you - mingL
Click to expand...

Are you in the U.S., mingL?

Although I am pretty sure you knew the answer to your question before you asked it, you were smart to confirm.

If you know or learn of a website's vulnerability, contacting the administrator of the site would be nice.
 
quincy

quincy

Senior Member
mingL said:
No, I'm from Germany...
Click to expand...

Thank you for answering my question. I thought you might not be in the U.S.

The advice remains the same. Pointing out to administrators of a website any security vulnerabilities you have noticed would be the correct thing to do.
 
You must log in or register to reply here.

Find the Right Lawyer for Your Legal Issue!

Fast, Free, and Confidential
Top