rahmu wroteQuick question about white hat hacking: Can you get in trouble for trying different vulnerabilities?
Say Facebook catches you trying to inject html in their search form (or any other kind of attack), can they attack you legally ? Has it ever happened to you or anyone you know ?
The internet is a wild place. Big nodes like Facebook get thousands of attacks each day.
Now an attack can be of different types and levels (eg: DDOS, SQL injection, DNS attack, CSRF... etc.).
Usually, the damage caused by an attack is estimated in $$$. The more the damage is the more they want your head :P
When you find a vulnerability in the system you will then be considered as a threat even if you haven't exploited what you got and you haven't caused any damage. Facebook for example will encourage security researchers to submit bugs in the system and they will thank you for this, but they will never tolerate full disclosure. No one tolerates full disclosure, cause it will be a mess and it will cause a huge damage. Even some group of black hat hackers are against full disclosure since they don't like skiddies to put their hands on very powerful and dangerous tools. You might be a skid that puts his hands on a 0day exploit, provoke a damage and later get caught OR you might be a good hacker who knows how to use the internet ;)