"I was proving that the system was horribly exploitable."
but I read:
"I was exploiting a horribly exploitable system that, had I notified the admins, almost certainly would have been dealt with fast by some guys who obviously care about their service. If it wasn't, I could have still released it publicly a few days later like every other pen tester anywhere. Instead I went for the lulz. Now I'm backpedaling by justifying bad behavior with worse behavior, editing posts, and blaming people who I told, instead of just admitting I handled it really, really badly."
Personally, I didn't know PHPFog beyond the name, but your jackass move makes me want to actively support them.
And don't kid yourself - nothing you did after finding the vulnerability was in the best interest of PHPFog's users. This isn't pen testing or stumbling across a vulnerability. Telling someone else who released stolen code makes it quite black hat.
"I was proving that the system was horribly exploitable."
but I read:
"I was exploiting a horribly exploitable system that, had I notified the admins, almost certainly would have been dealt with fast by some guys who obviously care about their service. If it wasn't, I could have still released it publicly a few days later like every other pen tester anywhere. Instead I went for the lulz. Now I'm backpedaling by justifying bad behavior with worse behavior, editing posts, and blaming people who I told, instead of just admitting I handled it really, really badly."
Personally, I didn't know PHPFog beyond the name, but your jackass move makes me want to actively support them.
And don't kid yourself - nothing you did after finding the vulnerability was in the best interest of PHPFog's users. This isn't pen testing or stumbling across a vulnerability. Telling someone else who released stolen code makes it quite black hat.