How legal is SQL Injection / XSS? (not authorized)

Stuff that does not fit elsewhere and generic / global news

How legal is SQL Injection / XSS? (not authorized)

Postby Legu » Mon Oct 08, 2012 9:09 am

Topic name says everything.
User avatar
Legu
Allie
Allie
 
Posts: 232
Joined: Sun Dec 18, 2011 6:47 pm

Re: How legal is SQL Injection / XSS? (not authorized)

Postby KEN » Mon Oct 08, 2012 12:09 pm

Illegal, even if you make no changes at all.
Think like this, if you point a gun at someone but dont take their valuables (watch , money etc.) , it will still be illegal and charges can be placed on you.
sql injection is considered an attack as far as I know.If they have enough time to backtrack you then yeah you can be in trouble but well maybe I'm watching too many movies :)
User avatar
KEN
Moderator
Moderator
 
Posts: 756
Joined: Thu Jan 28, 2010 8:11 am

Re: How legal is SQL Injection / XSS? (not authorized)

Postby Sethioz » Mon Oct 08, 2012 6:50 pm

Ken is correct, however in reality noone really gives a shit.
there is always possibility to get into serious trouble, but its very small chance that it happens.
i have never heard of anyone who have been charged.

its extremely hard to even prove that something like that happend, since only very few websites record everything that is going on and that alone is NOT the evidence. ISPs do not record what you do in internet, they just have records of IP address activity.

if you planning on attacking someone with SQL injection or XSS (why you do XSS / SQL ? its not same thing), then you shouldn't worry about getting into trouble, that is ofcourse if you're not going to attack some government sites.
if you are paranoid, just use TOR proxy network.
ive done this for years and it have never got further than some brat running their mouth and in those cases they even knew i did it and they couldn't do shit.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown

Re: How legal is SQL Injection / XSS? (not authorized)

Postby Legu » Mon Oct 08, 2012 7:07 pm

I wrote sql / xss, cuz i believe these 2 are the most common methods.

Anyhow when you dont change anything in the database (select /union), and dont publish it or use it in anway to make "money", i think it is defintely different when u shut the website down(delete) and they start investigating what really happens. Another question that might interest me regardin this topic: how much "traffic" (requests) does a succesful sql injection in the best case generate? (Impossible to answer i know, but how much is at least needed? like u can tell that 10000ips are enough for wep and so on)
User avatar
Legu
Allie
Allie
 
Posts: 232
Joined: Sun Dec 18, 2011 6:47 pm

Re: How legal is SQL Injection / XSS? (not authorized)

Postby Sethioz » Tue Oct 09, 2012 2:39 am

you are so wrong, there is a company called ZDI (google it), they buy dangerous exploits that can seriously harm some software and then they contact the developers and offer them help for huge amount of money, if they refuse, they will give 1 week for developers and then they publish the vulnerability on their site.

it is so called "legal blackmailing". by law its ok to do so, but if you think of it, its nothing but blackmailing. pay or have your vulnerability posted out in public.
i really don't care if such things are legal or not, i do what i need to do or exploit just for fun.
User avatar
Sethioz
Admin
Admin
 
Posts: 4757
Joined: Fri Jul 27, 2007 5:11 pm
Location: unknown


Return to Off-topic / News

Who is online

Users browsing this forum: No registered users and 2 guests

cron