Hello there, Recently i've stumbled upon a big bug in those online financial payment companies.... My question is... should i try to make some earnings from it? Or should i just be a nice customer and contact the companies right away? At one hand, i do want to make profit from it, at the other hand i'm affraid for any legal issues that might come up if I go public with this bug and thus harm paypal/2checkout.. Need some help on this, and yes the bug is huge.. it mostly affects the sellers using those systems!
Take the high road and inform the companies. Ask them to respond. If they brush you off or ignore you. Blog away about it. I suggest you be 100% sure of your facts before you do this. If you have a solution to the problem you might approach it properly from that angle. If it is a unique fix you might be able to make some $ off of it. By posting this article here you have already assured that the potential bug will be listed in Google within a few hours.
I'd suggest you take advantage and gather the cash while you can. It's going to be useful when you'll be out of jail in 20-30 years time...
Karliem, I work as a security researcher by day, so I can give you advice about this from my past experience. I've dealt with ebay and paypal before and honestly thier staff is well morons. It took me almost 4 days to get through to someone who had a brain. I've worked security issues with paypal and ebay (same company now) before so if you want help contacting them pm me.
If you mean similarities like the 2checkout's ?demo=Y parameter for stealing downloadable products for free you better not call it HUGE and not blog about it or you'll be considered as real lame...
If you are sure that its a bug, and can make them lose money to you, tell them to give some cash for finding this bug and if they dont listen you , make it public , but never try to cheat them
Whether you want to make a profit from it or not you should contact them first. But if you are the bug try to hide it