Found an sqli vulnerability in a major movie production company

Found an sqli vulnerability in a major movie production company
, what the hell can i even do with that?

Other urls found in this thread:

youtube.com/watch?v=sEBG3KqxGhw
myredditnudes.com/
twitter.com/AnonBabble

leak info, grab some logins and change their sites; sell the info on the dark web or something

dump admin details and 301 it to goatse.cx

copy all the info you can, change nothing, gradually """leak""" out info to """news""" groups

>tell them
>maybe get appreciation for it

>tfw goatse was deleted from the .cx domain so long ago

>tell them
>get sued
Yeah, nope

try to find a way to get a shell login, try to see what other servers are visible & repeat until you find a server with unreleased movies

>implying
any not complete retarded company would appreciate it, if you don't make it public instantly

Check if they have a bug bounty program

sneak tranny porn scenes into movies right before they're released to theaters

>film companies
>not completely retarded

You know that they rely on they're reputation, nigger?

>they're reputation
IDIOT

Depends. If the company approved or is okay with this, they should provide some kind of credit or compensation for the vulnerability. Otherwise, they could press charges for unauthorization. For your safety, consider reporting the vulnerability anonymously without providing your information. I've been in a situation where I reported a bug and the company did not authorize it and tried to press charges. The charges were dropped after I told them I would provide a fix for the vulnerability at no charge and did so at the cost of my time and efforts. Be careful.

Your the idiot, because you think that companies are evil.

>Your the idiot
IDIOT

You're *

How do you know this is correct?
Fact is: you don't.

Newfags

Here's an example for you - A Vulnerability Timeline for an exploit in some PwC software:

19.08.2016 PwC contacted
22.08.2016 Meeting with PwC, informed them about the impact and the details of the vulnerability and responsible disclosure
05.09.2016 Asked PwC about updates and whether a patch is available
13.09.2016 Received a Cease & Desist letter from PwC lawyers
18.11.2016 Informed that 90 days have passed and ESNC is planning to release a security advisory; asked for any details PwC can share about this matter including risk, affected versions, how to obtain a patch
22.11.2016 Received another Cease & Desist letter from PwC lawyers
07.12.2016 Public disclosure

hail PwC

I am only workin' for kpmg though

What does PwC and kpmg have to do with movie production?

Heavily depends on you're mom.

Just an example of the sort of response you'll get if you tell a big corp about a security hole.

>you're mom
IDIOT

Oh yeah.

find directors emails and contact info..

ill buy a bunk of movie directors info op.

let me know if you find any..

The timeline the guy above you posted was about an SAP auditing tool PwC uses. They load it up at a customer site and it pulls a bunch of data from an SAP system that they use to compare to the financial data the company provides to Wall Street to help locate any discrepancies. So in this case, any publicly-traded company that runs SAP and uses PwC for their auditing firm could be vulnerable to that exploit.

That's huge.

inb4 op gets suicided by 6 shots on the back of the head while drowed in the toilet while he was taking a piss

its happening

youtube.com/watch?v=sEBG3KqxGhw

>2011
Whatever this was, it already happened