Slashdot Mirror
Attacker Compromises Pornhub, Sells Shell Access for $1,000, Says Columnist (csoonline.com)
An anonymous reader writes: Four days after launching a bug bounty program, Pornhub is said to be compromised. The person responsible used a vulnerability in the user profile script that handles images (not ImageMagick) and is selling shell access on one of their servers for $1,000 USD. This is the second major website the hacker has shelled. Prior to Pornhub, they compromised the LA Times website.
CSO's security columnist notes that Pornhub "announced their bounty program on May 9, but it's a private, invite-only program managed by HackerOne. As such, it isn't clear if there would've been a way to report this flaw and collect a reward to begin with." In addition, on Twitter the attacker reportedly posted "I don't report vulnerabilities anymore, go underground or go home."
CSO's security columnist notes that Pornhub "announced their bounty program on May 9, but it's a private, invite-only program managed by HackerOne. As such, it isn't clear if there would've been a way to report this flaw and collect a reward to begin with." In addition, on Twitter the attacker reportedly posted "I don't report vulnerabilities anymore, go underground or go home."
lol.. You are not paying for porn, you are paying for a shell account which can allow you to access porn and a lot more. Hell, you can even set up your own website and host your own porn on their servers if your privileges are high enough.