Good write-up on $20k reward for RCE on Pornhub
Very good write-up. Smart Russian guy. With good detail.
https://www.evonide.com/how-we-broke...-20000-dollar/
Quote:
We have gained remote code execution on pornhub.com and have earned a $20,000 bug bounty on Hackerone.
We have found two use-after-free vulnerabilities in PHP’s garbage collection algorithm.
Those vulnerabilities were remotely exploitable over PHP’s unserialize function.
We were also awarded with $2,000 by the Internet Bug Bounty committee (c.f. Hackerone).
I don't understand most.