Hey Sup Forums I found a privilege escalation vulnerability on an EPOS I work with at work. I'm a waiter what do...

Hey Sup Forums I found a privilege escalation vulnerability on an EPOS I work with at work. I'm a waiter what do? Report it and maybe get a job or sell it?

just do your job and don't be a hackerman

Report it--you get fired
Sell it--you get fired and sued
Just keep quiet and work hard

You can report it if you like, depending on your bosses, this will probably happen:
"Thanks user!" - Nothing will happen
"Thanks user!" - Stuff gets fixed in a month or three

Post it here. Do anything else and you'll only get arrested for cracking especially in the US.

sell it (the vulnerbility) on the black market and do nothing were you work

>Im a waiter
>I was pentesting company property in my free time, should I tell them?
and get fired and then sued for trespassing and accessing restricted equipment? (yes, accessing computer systems you are not authorized to access is trespassing)
this never works out good for people, youre just going to get fucked and the issue ignored. How about you stop doing work for free, get your shit together, and come up with a life plan that will actually get you somewhere that you can make some real money.

t. 12 year a neet

I knew that when I was a 12 year old neet. Just because you still dont know how to wipe your ass does that mean that your 5? probably bot, because we retain the information we learn as children.

Contact the vendor with a throwaway email and let them know.

Otherwise, if it's remotly exploitable you could sell it. Criminals love pos exploits, assuming you can get payment info from it.

OP here I did this.

Could have sold it for at least 4k on Russian boards tho.
Then again sort of doing the right thing is it's own reward.

keep thread alive, I want to know if they will be saying thanks or trying to hang you.
If not comeback and post again with the same image as OP.

OP here, will update on this thread tomorrow. I will post the reply. I'll see what I can get out of it

honestly I wish you the best and you don't get shit about it but I won't be surprised if they think you are blackmailing them. Normies and specially business owners tend to be truly stupid

Thanks user. I'll hopefully see you in the thread that I'll post tomorrow

I'm confused OP are you trying to get monetary reward from your work or the company that sells the machine? I wouldn't expect shit from the company that is using it but the people who developed that model may reward you for discreetly letting them know about the vulnerability.

Hi user, maybe I didn't make myself clear but I'm trying to get a reward from the people who make the EPOS system.

Okay then you might be able to get something out of this but it may not be the wisest decision to ask for money first and then offer the vulnerability. They may ignore you at best and possibly even legally pursue you depending on their attitude. You may be more likely to get something out of this by just telling them about the vulnerability and asking for a reward afterwards. Although they would have no obligation to, they may feel much more inclined to and you would be getting something which would be better than nothing. You might just screw yourself if you either tick them off or incur their apathy. However you decide to go about this, good luck.

Long story short I work at a restaurant as a waiter, an EPOS technician comes and installs this brand new EPOS system and I'm making friendly chit chat.

And I say is this created in Java he said yes it is I say I know Java and he's like nice want to send your CV and maybe I can get you a job? I send the CV then the position is filled. So I have the personal email of this guy I email him months later (today) and I tell him about the vulnerability.

Different poster but I want to chime in here.

I don't think it was wise to phrase that letter how you did.

Simply telling him about the vulnerability would be repaying his favor (imo) for attempting to get you a job, and could very well have resulted in him referencing your skills and getting you hired.

He stuck his neck out for you and you try and leverage him for money? wtf

They will contact FBI and report you

What Russian boards? How do you know about that shit?