Happy ending for Pornhub after vulnerability researchers gain access to entire user database

Now we know where Google’s engineers surf in their lunch break.

Happy ending for Pornhub after vulnerability researchers gain access to entire user database

The Register reports:

A trio of hackers have gained remote code execution powers on servers used by adult entertainment outlet Pornhub, using a complex hack that revealed twin zero day flaws in PHP.

Google sofware intern and security boffin Ruslan Habalov (@evonide) detailed the Return Orientated Programming hack in detailed debriefing explaining how he and fellow hackers @_cutz and Dario Weißer @haxonaut gained access to the entire Pornhub database including sensitive user information.

Regular readers will recall that earlier this year Pornhub announced its bug bounty program, asking vulnerability researchers to help harden its security.

The researcher threesome rose to the challenge, and earned themselves a tasty US $20,000 from Pornhub for their efforts. The Internet Bug Bounty threw an extra US $2,000 into the mix for the discovery of the PHP zero-day vulnerabilities.

In the wrong hands, vulnerabilities like these could have caused enormous damage to the x-rated website and its many clandestine users, as well as potentially other sites too.

So, a happy ending all round.

Tags: , ,

Smashing Security podcast
Check out "Smashing Security", the new weekly audio podcast, with Graham Cluley, Carole Theriault, and special guests from the world of information security.

"Three people having fun in an industry often focused on bad news" • "It's brilliant!" • "The Top Gear of computer security"

Latest episode:

, ,

No comments yet.

Leave a Reply