Yeah. That's what I was the most afraid of. I don't have anything to hide, but I also don't want that kind of hassle. I also know the security policiy of the place I work at, and I wouldn't want to be me microscoped end.

Doesn't stop me from thinking about how much it would suck if the wrong person were to find this as well, but oh well.

I guess not... 
Just kinda feel bad if I know that this is open and someone completely FUBAR's their DB. I do however see how it's not my responsiblity to notify them if I don't want to. It's their responsibility to secure their stuff...

Thanks for the advice Dengar13 and Equix3n-

Just got a little excited because it is the first thing I've actually seen and not just read about; or simulated in my lab.

Fellow EH's I need some advice. I was doing some GoogleFoo and found a site that had public access to a directory that held some shell scripts. I noticed one of them was named in a way that led me to believe that it may have some 'login' info in it. Sure enough it had the SA credentials for their MYSQL database. What is a good way to notify the site admin? I know the easy way is just to email them, but I know that some admins get a little upset when you discover a flaw in their system. I guess I really want to know:
1) Legally I didn't do anything wrong; am I correct? I didn't download any data and found it with a "simple" google search...
2) How do I approach the Admin in a way to let him/her know that I am trying to help them?
3) Do any of you have any experience with something like this?

Thanks in advance for any advice. I crawl around these forums often and appreciate all of the information that everyone provides. It has really helped me get from, "Yeah, I think security would be a cool thing to get into," to "Wow! I've come a long way in a few months! This stuff is awesome!!!"

-inf3KT1d

Could've helped you, but then our Contract got cut...

I've mainly used milw0rm and exploit-db for exploit lookup. I've found a couple of others that seem to be reposting/copycat sites. Do any of you have a favorite that you check when you are doing exploit research?