Good Write on $20k reward for RCE on Pornhubs
 

Good Right on $20k reward for RCE on Pornhubs

Very good write. Smart Russian guy. Withs good detail.



https://www.evonide.com/how-we-broke...-20000-dollar/
I dont understand most.

What he is saying is that they found a way to run a program on Pornhub that shouldn't have been allowed to happen and they remotely did so, thus gaining a bounty for finding the bug.

They found a vulnerability in PHP that allowed them to do this.

btw: follow @swiftonsecurity on Twitter for some internet security goodness.

https://twitter.com/SwiftOnSecurity

It means they will not get paid.
The most pornhub manslut was going to shell out for this was $100 tops.

I posted this before here.

Also posted here a way for anyone to make a post on Pornhub that redirects to any site :2 cents:

PornHub has paid already. Every last cent of it. :2 cents:

Can you post that method again top tits?

And how do you know that?

Edit: in their rules they said that revealing the method of exploit to "others" would negate the contract. Something similar to that. I know 2 people who can find exploits in anything and wouldn't touch that challenge with squirtit dick.

Because I know.



















(know how to read)

Lol... I don't need to read, makes my "know everything" at jeoperdy. But going to take a stab at this... the Russian guy started bragging but the funds actually not in account yet... am I close?

2k paid... lol

Now I know the meaning behind your nick.

It's the substance (plaster) that fills the cranial cavity between your ears. That can be the only explanation for your complete stupidity, either that or you were dropped on your head as a child, in which case I apologise because it's not cool to make fun of the mentally handicapped.

First take logic:

1. The owner of a web property worth millions of dollars is not going to put it at risk over 20k

2. Bug Bounties are commonplace and structures exist in their setup to ensure bounties are paid.

Now let's examine comprehension:

1. The authors thanked PornHub for being professional and competent.

2. The authors also stated that they received two bounties, one related to Pornhub and the other related to PHP itself.

3. The timeline of events has been verified by third parties.

To quote the authors:

Robert... they are still cock suckers and your head is so far up their ass you should be wiping the shit from between your ears.

It doesn't matter... so they paid on something they said... i'm shocked, yeah.

I don't know why you are sucking up to these ass fucks anyways... you're talking about TGP's and shit in some of your posts. Holy fucking shit nog man... what in the hell are you doing?

Thanks You.
Yes, But I gets lost in details.
Details of exploit is two much. I buy shell coder handbook, but difficult to reads and old book for 32 byte systems. I wants to learn more. About stack and heap.

I wants to finds RCE two. I only finds XSS. Maybe I try capture flags.

I now follows SwiftOnSecurity now. Very good. Thanks you.

you are crazy man , i'm not sure why u don't post that on hackforums
....if u have that big brain maybe maybe after 10 years u will come as hacker u talk about now .

but are ready to be bashed in their culture ? specially with your english , technical knowledge,impulsiveness !

are you logical ?not trying to judge btw https://gfy.com/images/icons/smile.gif

I'm not sure the OP is "all there" actually.

he could be on Mindgeek's payroll

would explain why he dicked around with filesharing sites instead of going after tubes

good to them