There are security companies that buy these kind of information from you (like antivirus companies), so that they can patch the breaches themselves and proudly announce they discovered a breach and only by using their software you can be protected.
I don't know how legal it is, and I understand that the breach finder wants to publish his findings himself (for "reputations points" maybe ?), and he might lose this right by selling an info, but at least he's getting something out of this. IANAL, but i'm pretty sure you could get in trouble for publicly posting information on how to hack a public service (or pretty much anything for that matter)
when I posted my comment the reddit post wasn't edited to say that it's a rate liming bug. Indeed, nobody is going to buy such a thing. Pretty useless for any kind of purposes, black-hat or not.
I don't know how legal it is, and I understand that the breach finder wants to publish his findings himself (for "reputations points" maybe ?), and he might lose this right by selling an info, but at least he's getting something out of this. IANAL, but i'm pretty sure you could get in trouble for publicly posting information on how to hack a public service (or pretty much anything for that matter)