My first post here, so I'll hopefully keep it simple.

I have just finished building a CMS targeted at a certain industry and built a test site to see how everything works.

Anyway, I wrote a program to check for SQL injection vulnerabilities and the program followed a blog link to an external website.

The program discovered that the external site had a massive vulnerability that left it open to practically anyone, who could then access every bit of data on their MySQL server and run queries etc. The thing is, this external site is the brand leader in their industry and they do millions upon millions of sales per annum. I have tried contacting them to let them know and even went as far as contacting the company that built their platform (Magento), but I was pretty much brushed off and haven't heard back from them. Their database would contain the details of hundreds of thousands of customers and all their data. I could easily make myself site admin etc. in a few seconds, but they won't listen to me even though I have offered to share the vulnerability with them and help in any way I can.

Is there anything else I can do? It is one of the biggest security risks I have ever personally come across. Are there any other steps I should take to report this?

