I've been self-employed for a long time now and have recently decided that PHP development within a company is the route I'd like to go down.
I had an initial interview/meeting yesterday with a potential employer and it seems like a great place to work... so I wake up today and start to do a bit more research on the company and try to find out how their website functions and what software and/or frameworks they're using. In the process of looking for something that will give me a little advantage in the next stage of interviews, I've found a big vulnerability in the system.
I can get access to the database, or a large part of it at least, which has some address, sort-code, banking provider type information in it judging by the table structure.
Now I'm a little stuck as to what I should do next... I'd have thought it would be a plus that I've found the vulnerability, and not someone with malicious intent, but will the company see it that way too?
It's a fairly large UK company and what I've accessed so far is still an illegal activity, I'd have thought.
Should I tell them as soon as I can, hint at there being a vulnerability but not say I've actually gained access, or do I need to get some kind of NDA sorted so I don't end up at the bad end of the deal?
Just to clarify, I know the database structures, and I know the databases aren't empty, so I'm fairly certain there will be confidential information there. I could access that data easily, but haven't.