After playing a little with Vega - I'm newbie in web auditions, just trying to learning something new - and auditing some websites I can see that 8/10 websites have SQL Injection vulnerabilities classified by Vega as High. What should I do here? Email the website owner?
I would be very, very, very careful here. Not sure what country you're in, but you're setting yourself up for possible legal action, even though your intentions are good.