Get access to Pornhub?

Get access to Pornhub?

Having exploited vulnerabilities (in PHP), experts gained access to user data from the largest strawberry site Pornhub. Two vulnerabilities (use-after-free vulnerabilities: CVE-2016-5771 and CVE-2016-5773) were discovered in PHP by Ruslan Habalov (Google Sofware Intern), Dario Weisser (IB-expert), a researcher with nickname @_cutz. They found and demonstrated how the RCE-vulnerability works, discovered 0-day bugs in PHP. Using these vulnerabilities, the researchers executed the code and got full access to the Pornhub database. Access to the file / etc / passwd, the ability to randomly launch system calls was obtained.


')
According to experts, the vulnerability was found in the PHP garbage collector algorithm, data could be remotely exploited in the context of the unserialize function. The process of detecting and operating vulnerabilities cannot be called simple, but as a result, full access to user data and the source code of the Pornhub subsites. The experts were able to track the actions of users, in addition, to perform actions with superuser rights. They created a malicious payload that used the memory that was released after the garbage collection algorithm was run, which started after the PHP deserialization mechanism. Due to this, the PornHub server managed to execute malicious code.

The Pornhub administration rewarded researchers for finding such a flaw, they were paid $ 20,000 in remuneration, and Internet Bug Bounty also paid them $ 2,000 for finding vulnerabilities in PHP.

On May 13 of this year, Pornhub promised to pay to users who manage to hack the site and report its vulnerabilities, it was planned to pay from $ 50 to 25 thousand, depending on the complexity of the bug. At the moment, PHP developers have already eliminated the problems found.