Quote:
Originally Posted by plaster
Lol... I don't need to read, makes my "know everything" at Jeopardy. But going to take a stab at this... the Russian guy started bragging but the funds actually not in account yet... am I close?
|
Quote:
Originally Posted by plaster
2k paid... lol
|
Now I know the meaning behind your nick.
It's the substance (plaster) that fills the cranial cavity between your ears. That can be the only explanation for your complete stupidity, either that or you were dropped on your head as a child, in which case I apologise because it's not cool to make fun of the mentally handicapped.
First take logic:
1. The owner of a web property worth millions of dollars is not going to put it at risk over 20k
2. Bug Bounties are commonplace and structures exist in their setup to ensure bounties are paid.
Now let's examine comprehension:
1. The authors thanked PornHub for being professional and competent.
2. The authors also stated that they received two bounties, one related to Pornhub and the other related to PHP itself.
3. The timeline of events has been verified by third parties.
To quote the authors:
Quote:
Here is the timeline of the disclosure process:
2016-05-30 Hacked Pornhub and submitted the issue over Hackerone. Hours later Pornhub quickly fixed the issue by removing calls to unserialize
2016-06-14 Received a reward of $20,000
2016-06-16 Submitted issues to bugs.php.net
2016-06-21 Both bugs got fixed in PHP's security repository
2016-06-27 Received Hackerone IBB reward of $2,000 ($1,000 for each vulnerability)
2016-07-22 Pornhub resolved the issue on Hackerone
|