I found a blind SQL injection in my university course management system. Probably could have dropped the entire campus course list... but I didn't try. Found it at ~2-3AM, and so figured I'd bother IT in the morning. Woke up to a locked account and a message from the dean of students to pay him a visit.
I got off with some stupid fine and my online access being locked for 30 days. Was pretty annoying though, because they counted the 30 days only during when school was in semester. I happened to be doing this the final day of the semester... so that 30 days ended up being a lot longer.
I got off with some stupid fine and my online access being locked for 30 days. Was pretty annoying though, because they counted the 30 days only during when school was in semester. I happened to be doing this the final day of the semester... so that 30 days ended up being a lot longer.