Pornhub has been Hacked! Hackers Access Full Database of Pornhub Members

It has been about two months since Pornhub launched its bug bounty program to encourage hackers to find and report flaws in its services and claim rewards. Now it is time for the world’s most famous pornography site to make its first bug bounty payout.




A group of three researchers, Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide), managed to gain access to the entire Pornhub database, which includes sensitive user information.

The process the three researchers followed to gain access to the entire Pornhub database was not an easy one. They had to work through a creative, multi-step process to get there.

After lots of hard work, the researchers managed to gain remote code execution (RCE) capability on Pornhub servers using a zero-day vulnerability in PHP, the programming language that powers Pornhub’s website.

According to the three researchers, they found two use-after-free vulnerabilities (CVE-2016-5771/CVE-2016-5773) in the way PHP’s garbage collection algorithm interacts with other particular PHP objects.

One of those is PHP’s unserialize function, which is used to process data uploaded by users to several paths on the server, including:

http://www.pornhub.com/album_upload/create
http://www.pornhub.com/uploading/photo

The zero-day flaw discovered by the researchers allowed them to reveal the address of the server’s POST data, which in turn allowed them to craft a malicious payload and execute arbitrary code on Pornhub’s server.
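The pattern described above, request data reaching unserialize(), shown beside a safer way to accept structured input. This is an added example, not Pornhub's code or the researchers'; the function names, the metadata payload and its schema are hypothetical, and it assumes PHP 7.3 or later.

```php
<?php
declare(strict_types=1);

// Risky pattern: client-controlled bytes handed straight to unserialize().
// Any bug in the unserialize parser or the garbage collector becomes reachable.
function load_meta_unsafe(string $raw)
{
    return unserialize($raw);
}

// Hardened form: JSON only yields scalars, lists and maps, no PHP objects are
// created, and the result is checked against a fixed schema before use.
function load_meta_safe(string $raw): array
{
    if (strlen($raw) > 4096) {
        throw new InvalidArgumentException('metadata too large');
    }
    $data = json_decode($raw, true, 4, JSON_THROW_ON_ERROR);
    if (!is_array($data)) {
        throw new InvalidArgumentException('metadata must be an object');
    }
    // Hypothetical schema for album metadata: key => type check.
    $schema = ['title' => 'is_string', 'tags' => 'is_array', 'public' => 'is_bool'];
    if (array_diff_key($data, $schema) || array_diff_key($schema, $data)) {
        throw new InvalidArgumentException('unexpected or missing keys');
    }
    foreach ($schema as $key => $check) {
        if (!$check($data[$key])) {
            throw new InvalidArgumentException("bad type for $key");
        }
    }
    foreach ($data['tags'] as $tag) {
        if (!is_string($tag)) {
            throw new InvalidArgumentException('tags must be strings');
        }
    }
    return $data;
}

// Constructed sample inputs.
$good = '{"title":"holiday","tags":["a","b"],"public":false}';
var_dump(load_meta_safe($good));

$serialized = 'a:1:{i:0;i:1;}'; // PHP-serialized text is not valid JSON
try {
    load_meta_safe($serialized);
} catch (JsonException $e) {
    echo "rejected PHP-serialized input\n";
}
```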

As already mentioned, the process of the hack was complicated, but it granted a “nice view of Pornhub’s /etc/passwd file”. The zero-day PHP flaw that the researchers discovered affected all PHP versions from 5.3 and higher. However, the PHP project has fixed the issue in the meantime.

After the researchers achieved RCE (remote code execution) on Pornhub, they were rewarded with one of Pornhub’s highest bug bounties, $20,000. More interesting still, Internet Bug Bounty HackerOne also rewarded the researchers an extra $2,000 for the discovery and decent exposure of the PHP zero-day.

Those interested in the full technical details can visit the highly detailed blog post.

