Any Hackers in the House?
It's called pentesting, not hacking.

automatic exchange - paxum , bitcoin,pm, payza
. daizzzy signbucks caution will black-hat black-hat your traffic
ignored forever :zuzana designs

Interesting!

Beautiful And Usable Web Design Creations For The Adult Industry Since 2003
I'm Yuu, Designer and Content Producer
Paysites - Affiliate Programs - Dating & Cam Sites - Mainstream Projects - Tube Sites - Banners - Wordpress Themes - NATs integration - Landing Pages
Check my Portfolio and Content Production Offers

Join the BEST cam affiliate program on the internet!
I've referred over $1.7mil in spending this past year, you should join in.

I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years..

Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.
Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix, you are not guaranteed any money at all.

> Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.
> Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix, you are not guaranteed any money at all.

Pretty standard terms really.

Nope.
Even Adobe's HackerOne terms don't have anything close to that kind of wording regarding compensation. They definitely don't say you might find an issue, report it, and not get paid.
State facts.

> Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.
> Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix, you are not guaranteed any money at all.

Yeah. This is pretty standard in the "hack for ethic" contests like this one, which is why it's bullshit to even try to compete. You don't know up front what compensation you get for which vuln or level of compromise. The 25k bounty will not go to anyone even if you breach the server. They also removed all the bullshit vulns that are usually reported, like clickjacking, XSS, CSRF etc., and won't pay for any human error or employee targeting.
)))
They'll probably argue 25k would go if you download their database, which is probably a few terabytes, and how likely is something like that to go unnoticed?

If someone was to find the vuln, you'd sell it better on the black market than to them for compensation.

agentGFY *at* gmail.com

Would be funny if they had a central database, that's so old school.
Shitty Yahoo is the ONLY other company in all of HackerOne that is so tacky as to say "Rewards are granted entirely at the discretion of".

> Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.
> Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix, you are not guaranteed any money at all.

Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.
Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.
There's a startup idea for you.

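A minimal version of the hash-ledger idea from the post above, as an added example that is not from anyone in this thread: the finder publishes only a salted SHA-256 commitment to the report, and later reveals the report plus nonce to prove what was committed and when. The ledger, timestamps and sample report here are constructed for the demo.

```python
"""Salted hash commitment + append-only ledger for timestamping a bug report
without disclosing it (added example; names and sample data are constructed)."""
import hashlib
import secrets
from dataclasses import dataclass
from typing import List, Optional, Tuple

DOMAIN = b"vuln-commit-v1\x00"  # domain separator: the hash cannot be reused elsewhere

@dataclass(frozen=True)
class LedgerEntry:
    timestamp: int    # Unix time at which the commitment became public
    commitment: str   # hex SHA-256(DOMAIN || nonce || report); never the report itself

def commit(report: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return (commitment_hex, nonce). The random nonce stops anyone from
    brute-forcing a short or guessable report out of the published hash."""
    if nonce is None:
        nonce = secrets.token_bytes(32)
    if len(nonce) < 16:
        raise ValueError("nonce too short to hide the report")
    return hashlib.sha256(DOMAIN + nonce + report).hexdigest(), nonce

def verify(commitment: str, nonce: bytes, report: bytes) -> bool:
    """True only if (nonce, report) reproduces the published commitment."""
    expected, _ = commit(report, nonce)
    return secrets.compare_digest(expected, commitment)

def proven_time(ledger: List[LedgerEntry], commitment: str,
                nonce: bytes, report: bytes) -> Optional[int]:
    """Earliest ledger time at which exactly this report was committed, or None
    when the reveal does not match (edited report, wrong nonce, never published)."""
    if not verify(commitment, nonce, report):
        return None
    times = [e.timestamp for e in ledger if e.commitment == commitment]
    return min(times) if times else None

def demo() -> dict:
    """Researcher publishes a hash on day 1; vendor claims an internal report on day 2."""
    ledger: List[LedgerEntry] = []   # stands in for a public, append-only ledger
    report = b"Constructed sample: open redirect via post title parameter"
    commitment, nonce = commit(report)
    ledger.append(LedgerEntry(1_500_000_000, commitment))  # only the hash goes public
    vendor_claim = 1_500_086_400                            # one day later
    proved = proven_time(ledger, commitment, nonce, report)
    return {"proved_at": proved,
            "before_vendor": proved is not None and proved < vendor_claim,
            "altered_report": proven_time(ledger, commitment, nonce, report + b".")}
```

A blockchain, as the post suggests, would replace the in-memory list with something neither party can rewrite; the commit/reveal logic stays the same.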
I suspect they will get what they ask for, perhaps not the way they wish though.
Best of luck to the game.

Telegram PhoenixBrad
https://quantads.io

Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs.

Pornhub post offsite redirect example
Wait 8 seconds.
Pornhub possibly has a serious XSS gif issue too, it seems.
There, where's my money? Oh wait . . .

> Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.
> Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.
> There's a startup idea for you.

Brilliant idea!
With their "hackers bounty" publicity blitz the last few days they'll get a lot of people like me interested, until they read the scammy terms, and I'm not a hacker.
With my previous posts "helping" Pornhub you never get public, or private, thanks, but you see they act on it later, with me at least once that I can remember. There are seemingly more tangible known monetary benefits to not disclosing and using it to someone's benefit.
I'm sure my last post will receive the same lack of acknowledgement, let alone gratitude, from Pornhub, and that's fine.

> Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.
> Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.
> There's a startup idea for you.

Closest thing I know of is https://hackerone.com/ and https://www.openbugbounty.org/. At Open Bug Bounty you can put the details on hold for any site you find a redirect or XSS issue with. I put an issue on hold for a month usually. Only a small site paid me. Big sites never answer.

> Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs.
>
> Pornhub post offsite redirect example
> Wait 8 seconds.
> Pornhub possibly has a serious XSS gif issue too, it seems.
> There, where's my money? Oh wait . . .

The cheque is in the mail.

FUBAR Webmasters - The FUBAR Times - FUBAR Webmasters Mobile - FUBARTV.XXX
For promo opps contact jfk at fubarwebmasters dot com

They said we're not allowed to DDoS or use any kind of bots or scripts, and a few other things.. I'm out.

> Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs.
>
> <cant post urls yet... > Pornhub post offsite redirect example
> Wait 8 seconds.
> Pornhub possibly has a serious XSS gif issue too, it seems.
> There, where's my money? Oh wait . . .

lol
Nice one!
No sanitizing on the PHP call for the title?
Then again, lots of sites have 'mistakes' in them.
I can name a few...

This is my awesome signature!
if you really have to, you can use: smuttalk-that apple thingy-websmut.com
Don't forget to mention GFY in the subject!

Just Google XSS Gif Pornhub ;)
Ask Clifford for details, it's his work.
Here's his HackerOne profile: https://hackerone.com/trizaeron
Pornhub hasn't paid Clifford according to his profile, and he's hacked it since what, March?
Maybe Pornhub doesn't care about people redirecting from their site, or doesn't want to pay the guy what he's worth?

I just returned from big G, was looking for more info.
I can see the Kremlin gets lots of traffic from Pornhub..
Was that you?
But no info on Clifford's hack.

Go to the Pornhub link in my original post, wait 8 seconds, and you're forwarded to Clifford's site.
Pornhub post offsite redirect example
I'm not a hacker.

It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.

Blog Posts - Contextual Links - Hardlinks on 600+ Blog Network
* Handwritten * 180 C Class IPs * Permanent! * Many Niches! * Bulk Discounts! GFYPosts /at/ J2Media.net

Right? This guy still redirects from PH for months, is a part of HackerOne, not paid, still wide open. PH was built on a shaky foundation, a house of cards, all the stolen content including mine; now they make millions a month off our backs, all my hard work, and I get nothing from what was stolen and posted on PH from Kherson Oblast, Ukraine.

Not saying so ;)
I just thought he/you wrote about it, misunderstood you.
(It does seem he got a few hundred bucks from PH, still way too little for a redirect injection! hackerone dot com/pornhub/thanks)
Still funny, especially the ones redirecting to the Kremlin!

Right, and his redirect is still not patched, so ...

I hear you.
Most such a site does is remove content, deleting a user, as a max.
(Delete content uploaded, prob. never.)
And as no one has to identify for an account,
there is no solution for this.
All there is, is the totally screwed up DMCA system.
I know from my own experience cam4 won't even give any info on paying members even when given solid proof of uploading stolen content! (Captured live shows on the same damn site!)
Hell, they didn't even ban him! He has been posting for years.
Prob. still does so.

Like this guy https://hackerone.com/reports/72243
They offered him only $500 for gaining access to production servers (because the domain he found the info on was not part of the official bounty program).
A year later they still paid him $9.5K though.
Last month these people got $20K:
https://www.evonide.com/how-we-broke...-20000-dollar/
$20K is very little for something like that.

> We gained remote code execution and would've been able to do the following things:
> - Dump the complete database of pornhub.com including all sensitive user information.
> - Track and observe user behavior on the platform.
> - Leak the complete available source code of all sites hosted on the server.
> - Escalate further into the network or root the system.

> Like this guy https://hackerone.com/reports/72243
> They offered him only $500 for gaining access to production servers (because the domain he found the info on was not part of the official bounty program).
> A year later they still paid him $9.5K though.
> Last month these people got $20K:
> https://www.evonide.com/how-we-broke...-20000-dollar/
> $20K is very little for something like that.

Content is king.
Knowledge is power.
Watching the thieves pay pennies not to be stolen from - priceless.

If you read up on the work of the guys that hacked Pornhub, their work was amazing. I'm pretty sure it took up way more time from way too many people for the 20k they got. I bet their work was less than $8 an hour if you count it all up.
They even have 2 zero-days in the PHP garbage collector out of it. They sold very cheap. Always funny.