Re: [ CWE-79 ] *.nastyfans.org is vulnerable to script injection
by Harlot on 20/06/2020, 17:24:05 UTC
⭐ Merited by OgNasty (1)
The requested person was informed before disclosing it here.

That's not responsible disclosure.

How much time did you give him to fix any vulnerabilities before publicly disclosing them?



OP should have at least notified OgNasty before injecting any scripts.

Is that an objective standard? A hacker's opinion? Or maybe just mutual respect and consideration?

OP could have done damage if he wanted - or sold the info. He did the moral thing, and there is nothing illegal about it.

Without the approval of the owner of the site and the hoster, it definitely is illegal. Depending on the country, maybe "just" a gray area.
You can't just start doing pentests on any website/service you encounter.

bob123 is right on this one. OP, just by trying to alter anything on nastyfans' website without any kind of permission from the owner, can be considered to be hacking in itself. It doesn't matter if OP has good intentions or not; someone else's property (the nastyfans website) was altered/tested by someone who doesn't have any kind of permission to. Posting this earlier without any kind of replies back from either OgNasty or nonnakip is also a bad move on his part. Frankly, the OP didn't show any kind of good intention by posting this right away.