PornHub Pays Hackers $20,000 to Find Zero-day Flaws


SUBMITTED BY: sahertian

DATE: July 25, 2016, 4:48 p.m.

FORMAT: Text only

SIZE: 828 Bytes

HITS: 676

  1. PornHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded.
  2. Now, it turns out that the world's most popular pornography site has paid its first bounty payout. But how much?
  3. US $20,000!
  4. Yes, PornHub has paid $20,000 bug bounty to a team of three researchers, who gained Remote Code Execution (RCE) capability on its servers using a zero-day vulnerability in PHP – the programming language that powers PornHub's website.
  5. The team of three researchers, Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide), discovered two use-after-free vulnerabilities (CVE-2016-5771/CVE-2016-5773) in PHP's garbage collection algorithm when it interacts with other PHP objects.
  6. Read more here http://goo.gl/LoM8SK

comments powered by Disqus