During an authorized penetration test, you uncovered a server susceptible to an injection attack. To proceed according to best practices, what step should be taken before attempting to exploit this vulnerability?
Inform the organization's IT department about the vulnerability, requesting permission to exploit it.
Immediately exploit the vulnerability to determine the impact without altering any data on the server.
Review the rules of engagement and testing scope to ensure that exploitation of the vulnerability does not exceed authorized activities.
Document the vulnerability in detail and continue testing other areas, leaving exploitation for the final phase.