Welcome to the GoFuckYourself.com - Adult Webmaster Forum forums.
Old 07-23-2016, 09:29 PM   #1
deonbell
Confirmed User
Join Date: Sep 2015
Posts: 1,045
Good Write on $20k reward for RCE on Pornhubs

Very good write-up. Smart Russian guy. With good detail.

https://www.evonide.com/how-we-broke...-20000-dollar/
Quote:

We have gained remote code execution on pornhub.com and have earned a $20,000 bug bounty on Hackerone.
We have found two use-after-free vulnerabilities in PHP’s garbage collection algorithm.
Those vulnerabilities were remotely exploitable over PHP’s unserialize function.
We were also awarded with $2,000 by the Internet Bug Bounty committee (c.f. Hackerone).
I don't understand most of it.
Old 07-23-2016, 09:37 PM   #2
AdultKing
Raise Your Weapon
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,605
Quote:
Originally Posted by deonbell View Post
I don't understand most of it.
What he is saying is that they found a way to run a program on Pornhub that shouldn't have been allowed to happen and they remotely did so, thus gaining a bounty for finding the bug.

They found a vulnerability in PHP that allowed them to do this.

btw: follow @swiftonsecurity on Twitter for some internet security goodness.

https://twitter.com/SwiftOnSecurity
Old 07-23-2016, 09:40 PM   #3
plaster
So Fucking Banned
Join Date: Apr 2015
Posts: 2,295
Quote:
Originally Posted by deonbell View Post
I don't understand most of it.
It means they will not get paid.
The most pornhub manslut was going to shell out for this was $100 tops.
Old 07-23-2016, 09:42 PM   #4
Bladewire
StraightBro
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
I posted this before here.

Also posted here a way for anyone to make a post on Pornhub that redirects to any site
Old 07-23-2016, 09:43 PM   #5
AdultKing
Raise Your Weapon
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,605
Quote:
Originally Posted by plaster View Post
It means they will not get paid.
The most pornhub manslut was going to shell out for this was $100 tops.
PornHub has paid already. Every last cent of it.
Old 07-23-2016, 09:43 PM   #6
plaster
So Fucking Banned
Join Date: Apr 2015
Posts: 2,295
Quote:
Originally Posted by Bladewire View Post
I posted this before here.

Also posted here a way for anyone to make a post on Pornhub that redirects to any site
Can you post that method again top tits?
Old 07-23-2016, 09:45 PM   #7
plaster
So Fucking Banned
Join Date: Apr 2015
Posts: 2,295
Quote:
Originally Posted by AdultKing View Post
PornHub has paid already. Every last cent of it.
And how do you know that?

Edit: in their rules they said that revealing the method of exploit to "others" would negate the contract. Something similar to that. I know 2 people who can find exploits in anything and wouldn't touch that challenge with squirtit dick.
Old 07-23-2016, 09:45 PM   #8
AdultKing
Raise Your Weapon
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,605
Quote:
Originally Posted by plaster View Post
And how do you know that?
Because I know.

(know how to read)
Old 07-23-2016, 09:51 PM   #9
plaster
So Fucking Banned
Join Date: Apr 2015
Posts: 2,295
Quote:
Originally Posted by AdultKing View Post
Because I know.

(know how to read)
Lol... I don't need to read, makes my "know everything" at Jeopardy. But going to take a stab at this... the Russian guy started bragging but the funds actually not in account yet... am I close?
Old 07-23-2016, 09:56 PM   #10
plaster
So Fucking Banned
Join Date: Apr 2015
Posts: 2,295
2k paid... lol
Old 07-23-2016, 10:23 PM   #11
AdultKing
Raise Your Weapon
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,605
Quote:
Originally Posted by plaster View Post
Lol... I don't need to read, makes my "know everything" at Jeopardy. But going to take a stab at this... the Russian guy started bragging but the funds actually not in account yet... am I close?
Quote:
Originally Posted by plaster View Post
2k paid... lol
Now I know the meaning behind your nick.

It's the substance (plaster) that fills the cranial cavity between your ears. That can be the only explanation for your complete stupidity, either that or you were dropped on your head as a child, in which case I apologise because it's not cool to make fun of the mentally handicapped.

First take logic:

1. The owner of a web property worth millions of dollars is not going to put it at risk over 20k

2. Bug Bounties are commonplace and structures exist in their setup to ensure bounties are paid.

Now let's examine comprehension:

1. The authors thanked PornHub for being professional and competent.

2. The authors also stated that they received two bounties, one related to Pornhub and the other related to PHP itself.

3. The timeline of events has been verified by third parties.

To quote the authors:

Quote:
Here is the timeline of the disclosure process:
2016-05-30 Hacked Pornhub and submitted the issue over Hackerone. Hours later Pornhub quickly fixed the issue by removing calls to unserialize
2016-06-14 Received a reward of $20,000
2016-06-16 Submitted issues to bugs.php.net
2016-06-21 Both bugs got fixed in PHP's security repository
2016-06-27 Received Hackerone IBB reward of $2,000 ($1,000 for each vulnerability)
2016-07-22 Pornhub resolved the issue on Hackerone
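The timeline above says the site-side fix was simply removing the calls to unserialize. The PHP below is an added illustration of what that fix looks like in practice; it is not code from this thread, from the evonide write-up, or from Pornhub. It contrasts the risky pattern the write-up describes (attacker-controlled bytes reaching unserialize()) with a replacement that never deserializes untrusted input: the cookie carries JSON, is authenticated with an HMAC before it is parsed, and is then checked against a whitelisted shape. The cookie name, the secret, and the preference keys are hypothetical; it assumes PHP 8.

```php
<?php
// Added example (not code from the thread, the evonide write-up, or Pornhub).
// Risky pattern versus the fix named in the timeline: drop unserialize() on
// client data, carry JSON instead, and authenticate it before parsing.
// Cookie name, secret and preference keys below are hypothetical.

declare(strict_types=1);

// --- Risky: client-controlled bytes reach unserialize() ----------------------
// Any client can put arbitrary bytes in this cookie, so PHP's unserialize
// parser runs on attacker-chosen input. This is the pattern behind the finding.
function loadPrefsRisky(): array
{
    $raw   = $_COOKIE['prefs'] ?? '';
    $prefs = @unserialize($raw);          // parser runs on untrusted data
    return is_array($prefs) ? $prefs : [];
}

// --- Hardened: no unserialize(); HMAC so only server-issued data is parsed ---
// JSON has no object-instantiation semantics, and json_decode() is a much
// smaller attack surface than the serialize format.
const PREFS_MAX_LEN = 4096;              // hypothetical upper bound

function issuePrefsCookie(array $prefs, string $secret): string
{
    $json = json_encode($prefs, JSON_THROW_ON_ERROR);
    $mac  = hash_hmac('sha256', $json, $secret);
    // Cookie value is "<hex mac>.<base64 json>"; base64 keeps the charset clean.
    return $mac . '.' . base64_encode($json);
}

function loadPrefsHardened(string $cookieValue, string $secret): array
{
    if ($cookieValue === '' || strlen($cookieValue) > PREFS_MAX_LEN) {
        return [];
    }
    $parts = explode('.', $cookieValue, 2);
    if (count($parts) !== 2) {
        return [];
    }
    [$mac, $b64] = $parts;
    $json = base64_decode($b64, true);    // strict: reject stray characters
    if ($json === false) {
        return [];
    }
    // Verify before parsing; constant-time compare so the check does not leak.
    $expected = hash_hmac('sha256', $json, $secret);
    if (!hash_equals($expected, $mac)) {
        return [];
    }
    // Only now parse, and only into plain arrays with bounded nesting depth.
    try {
        $prefs = json_decode($json, true, 8, JSON_THROW_ON_ERROR);
    } catch (JsonException) {
        return [];
    }
    if (!is_array($prefs)) {
        return [];
    }
    // Whitelist the expected shape (hypothetical keys); drop everything else.
    $allowed = ['theme' => 'string', 'per_page' => 'integer'];
    $clean   = [];
    foreach ($allowed as $key => $type) {
        if (array_key_exists($key, $prefs) && gettype($prefs[$key]) === $type) {
            $clean[$key] = $prefs[$key];
        }
    }
    return $clean;
}

// Demo with a constructed secret and cookies (run from the CLI).
$secret = 'hypothetical-server-secret-rotate-me';
$good   = issuePrefsCookie(['theme' => 'dark', 'per_page' => 50], $secret);
var_dump(loadPrefsHardened($good, $secret));                 // both keys survive
$tampered = substr($good, 0, -1) . (substr($good, -1) === 'A' ? 'B' : 'A');
var_dump(loadPrefsHardened($tampered, $secret));             // []: MAC fails
var_dump(loadPrefsHardened('O:8:"stdClass":0:{}', $secret)); // []: never parsed
```

The point of the HMAC is that the parser, whichever one it is, only ever sees bytes the server itself produced; the JSON switch removes the object-instantiation semantics that make the serialize format dangerous in the first place. Passing ['allowed_classes' => false] to unserialize() is not an equivalent fix, because the parser still runs on attacker-controlled input.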
Old 07-23-2016, 10:42 PM   #12
plaster
So Fucking Banned
Join Date: Apr 2015
Posts: 2,295
Quote:
Originally Posted by AdultKing View Post
Now I know the meaning behind your nick.

It's the substance (plaster) that fills the cranial cavity between your ears. That can be the only explanation for your complete stupidity, either that or you were dropped on your head as a child, in which case I apologise because it's not cool to make fun of the mentally handicapped.

First take logic:

1. The owner of a web property worth millions of dollars is not going to put it at risk over 20k

2. Bug Bounties are commonplace and structures exist in their setup to ensure bounties are paid.

Now let's examine comprehension:

1. The authors thanked PornHub for being professional and competent.

2. The authors also stated that they received two bounties, one related to Pornhub and the other related to PHP itself.

3. The timeline of events has been verified by third parties.

To quote the authors:
Robert... they are still cock suckers and your head is so far up their ass you should be wiping the shit from between your ears.

It doesn't matter... so they paid on something they said... i'm shocked, yeah.

I don't know why you are sucking up to these ass fucks anyways... you're talking about TGP's and shit in some of your posts. Holy fucking shit nog man... what in the hell are you doing?
Old 07-23-2016, 11:58 PM   #13
deonbell
Confirmed User
Join Date: Sep 2015
Posts: 1,045
Quote:
Originally Posted by AdultKing View Post
What he is saying is that they found a way to run a program on Pornhub that shouldn't have been allowed to happen and they remotely did so, thus gaining a bounty for finding the bug.

They found a vulnerability in PHP that allowed them to do this.

btw: follow @swiftonsecurity on Twitter for some internet security goodness.

https://twitter.com/SwiftOnSecurity

Thank you.
Yes, but I get lost in the details.
The details of the exploit are too much. I bought The Shellcoder's Handbook, but it is difficult to read and an old book for 32-byte systems. I want to learn more about the stack and heap.

I want to find RCE too. I only find XSS. Maybe I will try capture the flag.

I now follow SwiftOnSecurity. Very good. Thank you.
Old 07-24-2016, 01:09 AM   #14
CPA-Rush
small trip to underworld
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
Quote:
Originally Posted by deonbell View Post
Thank you.
Yes, but I get lost in the details.
The details of the exploit are too much. I bought The Shellcoder's Handbook, but it is difficult to read and an old book for 32-byte systems. I want to learn more about the stack and heap.

I want to find RCE too. I only find XSS. Maybe I will try capture the flag.

I now follow SwiftOnSecurity. Very good. Thank you.
You are crazy, man. I'm not sure why you don't post that on HackForums.
If you have that big a brain, maybe after 10 years you will become the hacker you talk about now.

But are you ready to be bashed in their culture? Especially with your English, technical knowledge, impulsiveness!

Are you logical? Not trying to judge, btw.
Old 07-24-2016, 01:18 AM   #15
AdultKing
Raise Your Weapon
Join Date: Jun 2003
Location: Outback Australia
Posts: 15,605
Quote:
Originally Posted by CPA-Rush View Post
Are you logical? Not trying to judge, btw.
I'm not sure the OP is "all there" actually.
Old 07-24-2016, 02:12 AM   #16
Google Expert
Webmaster
Join Date: Jun 2004
Posts: 14,295
Quote:
Originally Posted by plaster View Post
And how do you know that?
he could be on Mindgeek's payroll

would explain why he dicked around with filesharing sites instead of going after tubes
Old 07-24-2016, 02:24 AM   #17
seeandsee
Check SIG!
Join Date: Mar 2006
Location: Europe (Skype: gojkoas)
Posts: 50,945
good to them