Header Ads

PornHub Pays Hackers $20,000 for its first Bounty Payout

The world's most popular pornography site has paid its first bounty payout. But how much?
US $20,000!- PornHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded.

PornHub has paid $20,000 bug bounty to a team of three researchers, who gained Remote Code Execution (RCE) capability on its servers using a zero-day vulnerability in PHP – the programming language that powers PornHub's website.

The team of three researchers, Dario Wei├čer (@haxonaut), cutz and Ruslan Habalov (@evonide), discovered two use-after-free vulnerabilities (CVE-2016-5771/CVE-2016-5773) in PHP's garbage collection algorithm when it interacts with other PHP objects.

One of those is PHP's unserialize function on the website that handles data uploaded by users, like hot pictures, on multiple paths, including:

  • site/album_upload/create
  • site/uploading/photo

This zero-day flaw let the researchers reveal the address of the server's POST data, allowing them to craft a malicious payload and thereby executing rogue code on PornHub's server.
The hack was complicated and required a massive amount of work that granted a "nice view of Pornhub’s /etc/passwd file," allowing the team to execute commands and make PHP run malicious syscalls.

The PHP zero-day vulnerabilities affect all PHP versions of 5.3 and higher, though the PHP project has fixed the issue.
The hack could have allowed the team to drop all Pornhub data including user information, track its users and observe behavior, disclose all source code of co-hosted websites, pivot deeper into the network and gain root privileges.

The Internet Bug Bounty HackerOne also awarded the researchers an additional $2,000 for discovering the PHP zero-days. 

The team has been explained technicalities of this attack in two highly detailed blog posts.

source: https://www.evonide.com

No comments

blogmytuts. Powered by Blogger.