Batu69 Posted July 26, 2016

Adult website's private user details and browsing habits found by white-hat security researchers.

Security experts uncovered Pornhub's entire user database but didn't expose the dirty details, in favour of a $20,000 reward

The private details of Pornhub visitors, the largest adult website in the world, could have been easily exposed after cybersecurity researchers discovered a glaring vulnerability in the site that revealed its entire user database and their browsing habits.

Thankfully, for those on that database, the discovery was made by white-hat hackers (who hack for good) and shared the information with Pornhub's developers in order to highlight the flaw and bolster security. In return, they were rewarded with a $20,000 bug bounty for their work.

The team of computer experts, which included Ruslan Habalov, a computer science student, explained in his blog that they found two use-after-free vulnerabilities in PHP's garbage collection algorithm. It said that by gaining remote code execution they would have been able to do anything from "dump the complete database of pornhub.com including all sensitive user information" to "track and observe user behaviour on the platform and leak the complete available source code of all sites hosted on the server."

"We have taken the perspective of an advanced attacker with the full intent to get as deep as possible into the system, focusing on one main goal: gaining remote code execution capabilities. Thus, we left no stone unturned and attacked what Pornhub is built upon: PHP," said Habalov.

Pornhub bug bounty

Pornhub clearly has a vested interest to keep its user base confidential as well as those who upload videos to the adult site, which could expose performers' identities. Therefore they run 'bug bounty', a reward programme that pays out up to $25,000 to anyone who spots a security fault in its system. The reported fault was hastily patched up by the Pornhub team.

It may seem counter-intuitive to invite experts to poke around its cybersecurity but clearly the cash bounty was more appealing than the online panic that would have been caused by releasing the data.

"As you can see, offering high bug bounties can motivate security researchers to find bugs in underlying software. This positively impacts other sites and unrelated services as well," said the white-hatters.

Being one of the world's most visited websites it's a constant target for malicious cyberattackers. One hacker claimed to have sold access to its servers for $1000, although this turned out to be a hoax. Malware is another big problem that attempts to exploit users by trying to get them to click on links that lead them away to another site that could install viruses to glean your personal information or ransomware, which will lock your whole computer unless you pay a ransom.

Article source

Administrator DKT27 Posted July 26, 2016

Should have given premium membership or something like that too.

Vic Vega Posted July 26, 2016

13 minutes ago, DKT27 said:
Should have given premium membership or something like that too.

dMog Posted July 26, 2016

don't worry... they ain't gonna publish the names... however a few powerful people may be getting a phone call on their private line late tomorrow night

TheMountain Posted July 26, 2016

This is the first time I've heard of Pornhub.

ck_kent Posted July 26, 2016

35 minutes ago, DKT27 said:
Should have given premium membership or something like that too.

You never know!

dMog Posted July 26, 2016

The internet has porn... no way, when did this happen?

info999 Posted July 26, 2016

Remote code execution is really bad, it is like someone has physical access to the server and he can do anything he wants ...

HNB Posted July 26, 2016

I've just closed my Pornhub account

SnakeMasteR Posted July 26, 2016

I never had one.

knowledge-Spammer Posted July 26, 2016

$20,000 reward, maybe time to stop fixing programs and start looking for vulnerabilities in porn sites lol

Pornhub is full of vulnerabilities from a long time ago

truemate Posted July 26, 2016

my fav site, does someone have a premium acc of this site?

AlienForce1 Posted July 26, 2016

53 minutes ago, truemate said:
my fav site, does someone have a premium acc of this site?

I can upload for you (private message) PHub 1.4.0 (android) if you are interested.
This topic is now archived and is closed to further replies.