[Bannedshee]

I found 4 vulnerabilities on 4 different sites, sent the owners emails and waiting for their reply

Anyone else here do white-hat SQLi?

Why or why not?

Personally, I do white hat because its so much better, not only do I have a chance of getting paid, but I won't get arrested, so in my honest opinion, white hat SQLi is much better

[blazer15]

I usally perform whitehat activites, But i mostly perform blackhat.

[Adorapuff]

I usally perform whitehat activites, But i mostly perform blackhat.

That makes no sense what so ever.

[3SidedSquare]

Strictly speaking, the owners of a site can still take you to court if they want, even if you didn't deface the page.

Or... use it for more illicit activities.

[Dismas]

Strictly speaking, the owners of a site can still take you to court if they want, even if you didn't deface the page.

Or... use it for more illicit activities.

That's very rare, as I can't see them taking you to court if you're helping them out.

[KyleFYI]

To be honest, I've reported a lot of exploits to sites and the next day no reply I try the exploit and BAM its patched. I don't even try anymore.

[Ultimatum]

The point of being White-Hat isn't because you look for money or something in return... That's really not the White-Hat idea. But, don't expect to get much out of it, unless it was a vuln on Google, Yahoo, or of the sort.

[Charon]

To be honest, I've reported a lot of exploits to sites and the next day no reply I try the exploit and BAM its patched. I don't even try anymore.

That sucks, if that was me I'd wait untill it's vulnerable again and then fuck up all their shit and leave a friendly message.

OT: You shouldn't message the website owner because the same can happen to you what happened to Kyle and then you're fucked. Well not fucked but they will probaly patch the vulnerability without letting you know.

[Bannedshee]

To be honest, I've reported a lot of exploits to sites and the next day no reply I try the exploit and BAM its patched. I don't even try anymore.

That sucks, if that was me I'd wait untill it's vulnerable again and then fuck up all their shit and leave a friendly message.

OT: You shouldn't message the website owner because the same can happen to you what happened to Kyle and then you're fucked. Well not fucked but they will probaly patch the vulnerability without letting you know.

Eh, honestly I don't really care that much for the money, its just like an extra thing I can get. I only report the exploits to help both the website and myself.

[Kinanizer]

Personally, I like to warn the site owners about the problem. If in a week they don't fix the problem I will exploit it and do as much damage as possible.