How legal is SQL Injection / XSS? (not authorized)

Stuff that does not fit elsewhere and also global news like corona or russki war
Post Reply
User avatar
Legu
Allie
Allie
Posts: 232
Joined: Sun Dec 18, 2011 6:47 pm

How legal is SQL Injection / XSS? (not authorized)

Post by Legu »

Topic name says everything.
User avatar
KEN
Special
Special
Posts: 751
Joined: Thu Jan 28, 2010 8:11 am

Re: How legal is SQL Injection / XSS? (not authorized)

Post by KEN »

Illegal, even if you make no changes at all.
Think like this, if you point a gun at someone but dont take their valuables (watch , money etc.) , it will still be illegal and charges can be placed on you.
sql injection is considered an attack as far as I know.If they have enough time to backtrack you then yeah you can be in trouble but well maybe I'm watching too many movies :)
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: How legal is SQL Injection / XSS? (not authorized)

Post by Sethioz »

Ken is correct, however in reality noone really gives a shit.
there is always possibility to get into serious trouble, but its very small chance that it happens.
i have never heard of anyone who have been charged.

its extremely hard to even prove that something like that happend, since only very few websites record everything that is going on and that alone is NOT the evidence. ISPs do not record what you do in internet, they just have records of IP address activity.

if you planning on attacking someone with SQL injection or XSS (why you do XSS / SQL ? its not same thing), then you shouldn't worry about getting into trouble, that is ofcourse if you're not going to attack some government sites.
if you are paranoid, just use TOR proxy network.
ive done this for years and it have never got further than some brat running their mouth and in those cases they even knew i did it and they couldn't do shit.
User avatar
Legu
Allie
Allie
Posts: 232
Joined: Sun Dec 18, 2011 6:47 pm

Re: How legal is SQL Injection / XSS? (not authorized)

Post by Legu »

I wrote sql / xss, cuz i believe these 2 are the most common methods.

Anyhow when you dont change anything in the database (select /union), and dont publish it or use it in anway to make "money", i think it is defintely different when u shut the website down(delete) and they start investigating what really happens. Another question that might interest me regardin this topic: how much "traffic" (requests) does a succesful sql injection in the best case generate? (Impossible to answer i know, but how much is at least needed? like u can tell that 10000ips are enough for wep and so on)
User avatar
Sethioz
Admin
Admin
Posts: 4762
Joined: Fri Jul 27, 2007 5:11 pm
Custom: Gaming YT > https://youtube.com/SethiozEntertainment
Game Hacking YT > https://youtube.com/sethioz
Game Hacks Store > https://sethioz.com/shopz
Location: unknown
Contact:

Re: How legal is SQL Injection / XSS? (not authorized)

Post by Sethioz »

you are so wrong, there is a company called ZDI (google it), they buy dangerous exploits that can seriously harm some software and then they contact the developers and offer them help for huge amount of money, if they refuse, they will give 1 week for developers and then they publish the vulnerability on their site.

it is so called "legal blackmailing". by law its ok to do so, but if you think of it, its nothing but blackmailing. pay or have your vulnerability posted out in public.
i really don't care if such things are legal or not, i do what i need to do or exploit just for fun.
Post Reply