GoFuckYourself.com - Adult Webmaster Forum

clickity click 05-12-2016 02:29 PM

Any Hackers in the House?
 
Pornhub are offering $25k if you can find an exploit.

https://hackerone.com/pornhub

CPA-Rush 05-12-2016 02:38 PM

It's called pentesting, not hacking

clickity click 05-12-2016 02:40 PM

No it's not it's hacking. Pentesting is when you test your pen to see if it still works.

CPA-Rush 05-12-2016 02:43 PM

Quote:

Originally Posted by clickity click (Post 20891051)
No it's not it's hacking. Pentesting is when you test your pen to see if it still works.

penetration testing

clickity click 05-12-2016 02:46 PM

Quote:

Originally Posted by CPA-Rush (Post 20891063)
penetration testing

When you fuck a virgin.

clickity click 05-12-2016 02:47 PM

Anyway CPA-RUSH. What the fuck do you know about it anyway?

T-Rain From Tacoma 05-12-2016 02:52 PM

I hack them all day.. It's a free tube site been going to for years..

plaster 05-12-2016 02:53 PM

Nice.... $25 reward min.

yuu.design 05-12-2016 02:58 PM

Interesting!

Colmike9 05-12-2016 03:02 PM

Quote:

Originally Posted by plaster (Post 20891096)
Nice.... $25 reward min.

Looks like it's $50 now :upsidedow

IrwinJones 05-12-2016 03:03 PM

Hacking Beez aint eazy-e

CaptainHowdy 05-12-2016 03:04 PM

Innaresting ...

Bladewire 05-12-2016 03:12 PM

Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else :thumbsup

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.

clickity click 05-12-2016 03:22 PM

Quote:

Originally Posted by Bladewire (Post 20891165)
Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else :thumbsup

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.

Pretty standard terms really.

Bladewire 05-12-2016 03:29 PM

Quote:

Originally Posted by clickity click (Post 20891183)
Pretty standard terms really.

Nope.

Even Adobe's HackerOne terms don't have anything close to that kind of wording regarding compensation. They definitely don't say you might find an issue, report it, and not get paid.

State facts.

CPA-Rush 05-12-2016 03:29 PM

Quote:

Originally Posted by clickity click (Post 20891069)
When you fuck a virgin.

lol what ?

Quote:

Originally Posted by clickity click (Post 20891072)
Anyway CPA-RUSH. What the fuck do you know about it anyway?

<script>alert("XSS")</script>

clickity click 05-12-2016 03:40 PM

Quote:

Originally Posted by CPA-Rush (Post 20891216)
lol what ?



<script>alert("XSS")</script>

Xss is lame.

ladida 05-12-2016 03:48 PM

Quote:

Originally Posted by Bladewire (Post 20891165)
Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else :thumbsup

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.

Yea. This is pretty standard in the "hack for ethic" contests like this one why it's bullshit to even try to compete. You don't know up front for what vuln or level of compromise you get what compensation. The 25k bounty will not go to anyone even if you breach the server. They also removed all the bullshit vulns that are usually reported like clickjacking, xss, csrf etc etc, and won't pay for any human error or employee targeting :))))

They'll probably argue 25k would go if you download their database, which is probably a few terabytes and how likely is something like that to go unnoticed :) :321GFY
If someone was to find the vuln, you'd sell it better on the black market than to them for compensation.

CPA-Rush 05-12-2016 04:03 PM

Quote:

Originally Posted by clickity click (Post 20891249)
Xss is lame.

really ?

Bladewire 05-12-2016 04:07 PM

Quote:

Originally Posted by ladida (Post 20891282)
They'll probably argue 25k would go if you download their database, which is probably a few terabytes and how likely is something like that to go unnoticed :) :321GFY
If someone was to find the vuln, you'd sell it better on the black market than to them for compensation.

Would be funny if they had a central database that's so old school :1orglaugh

Shitty Yahoo is the ONLY other company in all of HackerOne that is so tacky as to say "Rewards are granted entirely at the discretion of" :1orglaugh:1orglaugh:1orglaugh

clickity click 05-12-2016 04:08 PM

Quote:

Originally Posted by CPA-Rush (Post 20891318)
really ?

Yes......

Bladewire 05-12-2016 04:16 PM

Quote:

Originally Posted by clickity click (Post 20891330)
Yes......

What platform is not vulnerable to XSS?

CPA-Rush 05-12-2016 04:21 PM

Quote:

Originally Posted by Bladewire (Post 20891354)
What platform is not vulnerable to XSS?

:1orglaugh

clickity click 05-12-2016 04:30 PM

Quote:

Originally Posted by Bladewire (Post 20891354)
What platform is not vulnerable to XSS?

Who cares? Just because you can make an alert that makes you l33t.

Bladewire 05-12-2016 04:33 PM

Quote:

Originally Posted by cpa-rush (Post 20891372)
:1orglaugh

?

.

DVTimes 05-12-2016 04:36 PM

Now you can make money watching porn on Pornhub | News | Geek.com

CPA-Rush 05-12-2016 04:37 PM

Quote:

Originally Posted by Bladewire (Post 20891393)
?

.

pfff it means I agree lol

money biz 05-12-2016 04:53 PM

Quote:

Originally Posted by Bladewire (Post 20891354)
What platform is not vulnerable to XSS?

what ways are even left after reading those terms?

Bladewire 05-12-2016 05:09 PM

Quote:

Originally Posted by DVTimes (Post 20891399)

And get this. :1orglaugh:1orglaugh:1orglaugh

rowan 05-12-2016 05:15 PM

Quote:

Originally Posted by Bladewire (Post 20891165)
Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else :thumbsup

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.

Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

There's a startup idea for you. :thumbsup
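
An added illustration of the commit-then-reveal ledger described in the post above (not part of the thread; the `Ledger` class, the function names, the timestamp and the report text are all constructed for this example). The finder publishes only a salted hash at submission time and reveals the report and nonce later:

```python
import hashlib
import hmac
import secrets
from typing import Optional, Tuple

def commit(report: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Hash a secret 32-byte nonce with the report. Only the digest is published;
    the nonce stops anyone guessing a short report from the digest."""
    if nonce is None:
        nonce = secrets.token_bytes(32)
    if len(nonce) != 32:  # fixed length keeps nonce||report unambiguous
        raise ValueError("nonce must be 32 bytes")
    return hashlib.sha256(nonce + report).hexdigest(), nonce

class Ledger:
    """Append-only hash chain of commitments (hypothetical public ledger)."""
    GENESIS = "00" * 32

    def __init__(self) -> None:
        self.entries = []

    @staticmethod
    def _link(prev: str, commitment: str, timestamp: int) -> str:
        return hashlib.sha256(f"{prev}|{commitment}|{timestamp}".encode()).hexdigest()

    def append(self, commitment: str, timestamp: int) -> int:
        prev = self.entries[-1]["hash"] if self.entries else self.GENESIS
        self.entries.append({"prev": prev, "commitment": commitment, "timestamp": timestamp,
                             "hash": self._link(prev, commitment, timestamp)})
        return len(self.entries) - 1

    def verify_chain(self) -> bool:
        prev = self.GENESIS
        for e in self.entries:
            if e["prev"] != prev or e["hash"] != self._link(prev, e["commitment"], e["timestamp"]):
                return False  # an entry was edited, reordered or removed
            prev = e["hash"]
        return True

def verify_reveal(ledger: Ledger, index: int, report: bytes, nonce: bytes) -> bool:
    """Check a later disclosure against the entry recorded at submission time."""
    if not ledger.verify_chain():
        return False
    digest, _ = commit(report, nonce)
    return hmac.compare_digest(digest, ledger.entries[index]["commitment"])

if __name__ == "__main__":
    ledger = Ledger()
    digest, nonce = commit(b"constructed report text")
    idx = ledger.append(digest, 1463098500)  # constructed Unix timestamp
    print(verify_reveal(ledger, idx, b"constructed report text", nonce))
```

The chain only detects rewriting if its latest hash is also published somewhere the ledger operator cannot alter, which is the role the post assigns to a public blockchain.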

Phoenix 05-12-2016 05:17 PM

I suspect they will get what they ask for, perhaps not the way they wish though.

Best of luck to the game.

Bladewire 05-12-2016 05:21 PM

Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs :1orglaugh:1orglaugh:1orglaugh

Pornhub post offsite redirect example

Wait 8 seconds

Pornhub possibly has a serious Xss gif issue too it seems :helpme

There, where's my money? Oh wait . . .

Bladewire 05-12-2016 05:28 PM

Quote:

Originally Posted by rowan (Post 20891474)
Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

There's a startup idea for you. :thumbsup

Brilliant idea!

With their "hackers bounty" publicity blitz the last few days they'll get a lot of people like me interested, until they read the scammy terms, and I'm not a hacker.

With my previous posts "helping" Pornhub you never get public, or private, thanks but see they act on it later, with me at least once that I can remember. There's seemingly more tangible known monetary benefits to not disclosing and using to someone's benefit.

I'm sure my last post will receive the same lack of acknowledgement, let alone gratitude from Pornhub, and that's fine :1orglaugh:1orglaugh:1orglaugh

lezinterracial 05-12-2016 09:02 PM

Quote:

Originally Posted by rowan (Post 20891474)
Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

There's a startup idea for you. :thumbsup

Closest thing I know of is https://hackerone.com/ and https://www.openbugbounty.org/. At openbounty you can put the details on hold for any site you find a redirect or xss issue with. I put an issue on hold for a month usually. Only a small site paid me. Big sites never answer.

TheeRoly 05-12-2016 09:54 PM

Another good press release / publicity stunt from the top dawgs in Adult.

JFK 05-13-2016 09:37 AM

Quote:

Originally Posted by Bladewire (Post 20891480)
Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs :1orglaugh:1orglaugh:1orglaugh

Pornhub post offsite redirect example

Wait 8 seconds

Pornhub possibly has a serious Xss gif issue too it seems :helpme

There, where's my money? Oh wait . . .

The cheque is in the mail :helpme

Colmike9 05-13-2016 09:42 AM

They said we're not allowed to DDoS or use any kind of bots or scripts and a few other things.. I'm out.

Smut-Talk 07-24-2016 04:35 PM

Quote:

Originally Posted by Bladewire (Post 20891480)
Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs :1orglaugh:1orglaugh:1orglaugh

<cant post urls yet... > Pornhub post offsite redirect example

Wait 8 seconds

Pornhub possibly has a serious Xss gif issue too it seems :helpme

There, where's my money? Oh wait . . .

lol

nice one!
no sanitizing on the php call for the title?

Then again lots of sites have 'mistakes' in them.
I can name a few...

Bladewire 07-24-2016 06:20 PM

Quote:

Originally Posted by Smut-Talk (Post 21057268)
lol

nice one!
no sanitizing on the php call for the title?

Then again lots of sites have 'mistakes' in them.
I can name a few...


Just Google XSS Gif Pornhub ;)

Ask Clifford for details it's his work.

Here's his HackerOne profile: https://hackerone.com/trizaeron

Pornhub hasn't paid Clifford according to his profile and he's hacked it since what, March?

Maybe Pornhub doesn't care about people redirecting from their site or doesn't want to pay the guy what he's worth?

Smut-Talk 07-24-2016 07:51 PM

I just returned from big G, was looking for more info.
I can see the Kremlin gets lots of traffic from pornhub.. :1orglaugh
Was that you?

but no info on Clifford's hack.


All times are GMT -7.