Hacker News new | past | comments | ask | show | jobs | submit login

I know a site which has sql queries inside its URLs. As this sounds scary to me and I would like to notify the site owners of their potential threat, can I use any of those tools to demonstrate what could possibly happen to them without actually causing any damage?



NO.

If you use any of these tools for that purpose, whether you cause damage or not, you open yourself up to all kinds of liability (legal and civil).

I would recommend sending them an email saying you think there is a security problem, with a good explanation, and make sure to note that you have not tried to exploit it.


If you and the site are located in the United States, it is illegal.


Is it illegal to posses these tools btw?

I know some jurisdictions treat hacking tools the same as burglary tools, which is really dumb if you're just trying to test your own system's security.


No.


We are located in Europe, but I guess I wont try to push my boundaries.


Lots of countries criminalise black hat hacking.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: