A vulnerability in PHP allowed us to get full access to Pornhub

by sigismund » 2016-07-26 11:34:56


By exploiting the vulnerability, the experts gained access to user data.


Google software intern Ruslan Khabalov, information security expert Dario Weißer and a researcher using the pseudonym @_cutz discovered two vulnerabilities in PHP that allow remote code execution and complete access to the largest database of the adult website Pornhub.

According to the experts, discovering and exploiting the vulnerabilities was a fairly complicated process that involved several stages. The researchers' work gave them access to the /etc/passwd file and the ability to make arbitrary system calls.

"We were able to find vulnerabilities in PHP's garbage collection algorithm. These flaws could also be exploited remotely in the context of the unserialize function," the experts noted. The experts were able to access user data and the full source code of Pornhub's sub-sites. They were able to track users and perform actions on the system with root privileges.

For the work done, Pornhub's administration paid the specialists a reward of $20 thousand; the experts also received $2 thousand from representatives of the Internet Bug Bounty for discovering the vulnerabilities in PHP.