Slashdot Mirror
'How I Hacked Imgur for Fun and Profit' (medium.com)
A security researcher describes gaining full access to the production database for Imgur's image-sharing site -- and then successfully lobbying the company for a higher bug bounty of $5,000. Nathan Malcolm says he exploited a remote-access vulnerability in one of Imgur's unprotected development servers to read their /etc/passwd file, and also keys.php, which contained the credentials for their MySQL servers. An anonymous Slashdot reader quotes Nathan's article on Medium:
An important part of security research is knowing when to stop. I went far enough to prove how serious the issue is, and demonstrate what a malicious attacker could do, while not being overly careless or intrusive... I hope other teams can learn from Imgur's willingness to take on feedback and improve, as communication around security is so very important.
Imgur's founder and CEO sent him a personal e-mail along with the bounty, which ended "Thanks so much for protecting us and properly reporting it to us." The author of the article reports that "I've continued to participate in Imgur's bug bounty program, and while it's not perfect, it's responded and paid out nicely to myself and others." And the $5,000 bounty? "Half of that went to people in need, including Lauri Love, a hacker facing extradition to the United States, and a close friend who was recently made homeless. Various charities and researchers also benefited from it."
Imgur's founder and CEO sent him a personal e-mail along with the bounty, which ended "Thanks so much for protecting us and properly reporting it to us." The author of the article reports that "I've continued to participate in Imgur's bug bounty program, and while it's not perfect, it's responded and paid out nicely to myself and others." And the $5,000 bounty? "Half of that went to people in need, including Lauri Love, a hacker facing extradition to the United States, and a close friend who was recently made homeless. Various charities and researchers also benefited from it."
Imgur is an okay image sharing spot, but it's infested with pansy-ass SJW types who take exception to the smallest of slights or imagined insults. Special snowflakes abound, and if you don't hew to their extreme form of social justice groupthink then your account will be maliciously downvoted and reported until it's banned.
Even the littlest departure from their SJW mindset will trigger them into fits of outrage. I've seen this happen to many, many people, and when I dared to speak out about this abusive "tyranny of the intolerant", they banned me too. Frankly, nothing of value was lost on either side. lol
Just cruising through this digital world at 33 1/3 rpm...