What to do after discovering a SQL Injection vulnerability in random websites?
After playing a little with Vega - I'm a newbie in web auditing, just trying to learn something new - and auditing some websites, I can see that 8/10 websites have SQL Injection vulnerabilities classified by Vega as High. What should I do here? Email the website owner?

I would be very, very, very careful here. Not sure what country you're in, but you're setting yourself up for possible legal action, even though your intentions are good.

You can email the owner with a few tips to fix the issue. You can even offer to do a deeper inspection for some fee.

That might be interpreted as extortion. OP, read up on responsible disclosure.

That's why I was careful to say that you should offer tips to fix the issue, not ask for money to do so. As for the second part (offering to do a security audit), I don't see how that's any different from cold-emailing someone with a proposal to redesign their site.