Any Hackers in the House?

  • clickity click
    So Fecking Bummed
    • Aug 2014
    • 3682

    #1

    Any Hackers in the House?

    Pornhub are offering $25k if you can find an exploit.

    https://hackerone.com/pornhub
  • CPA-Rush
    small trip to underworld
    • Mar 2012
    • 4927

    #2
    it's called pentesting, not hacking

    automatic exchange - paxum , bitcoin,pm, payza

    . daizzzy signbucks caution will black-hat black-hat your traffic

    ignored forever :zuzana designs

    • clickity click
      So Fecking Bummed
      • Aug 2014
      • 3682

      #3
      No it's not, it's hacking. Pentesting is when you test your pen to see if it still works.

      • CPA-Rush
        small trip to underworld
        • Mar 2012
        • 4927

        #4
        Originally posted by clickity click
        No it's not, it's hacking. Pentesting is when you test your pen to see if it still works.
        penetration testing

        • clickity click
          So Fecking Bummed
          • Aug 2014
          • 3682

          #5
          Originally posted by CPA-Rush
          penetration testing
          When you fuck a virgin.

          • clickity click
            So Fecking Bummed
            • Aug 2014
            • 3682

            #6
            Anyway CPA-RUSH. What the fuck do you know about it anyway?

            • T-Rain From Tacoma
              PayPal Troll.
              • Apr 2016
              • 387

              #7
              I hack them all day.. It's a free tube site I've been going to for years..

              • plaster
                So Fucking Banned
                • Apr 2015
                • 2295

                #8
                Nice.... $25 reward min.

                • yuu.design
                  Too lazy to set a custom title
                  • Mar 2006
                  • 25924

                  #9
                  interesting!
                  Beautiful And Usable Web Design Creations For The Adult Industry Since 2003
                  I'm Yuu, Designer and Content Producer

                  Paysites - Affiliate Programs - Dating & Cam Sites - Mainstream Projects - Tube Sites - Banners - Wordpress Themes - NATs integration - Landing Pages

                  Check my Portfolio and Content Production Offers

                  • Colmike9
                    (>^_^)b
                    • Dec 2011
                    • 7230

                    #10
                    Originally posted by plaster
                    Nice.... $25 reward min.
                    Looks like it's $50 now
                    Join the BEST cam affiliate program on the internet!
                    I've referred over $1.7mil in spending this past year, you should join in.
                    I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years..

                    • IrwinJones
                      So Fucking Banned
                      • May 2016
                      • 144

                      #11
                      Hacking Beez aint eazy-e

                      • CaptainHowdy
                        Too lazy to set a custom title
                        • Dec 2004
                        • 94733

                        #12
                        Innaresting ...

                        • Bladewire
                          StraightBro
                          • Aug 2003
                          • 56228

                          #13
                          Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.

                          Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.


                          Skype: CallTomNow

                          • clickity click
                            So Fecking Bummed
                            • Aug 2014
                            • 3682

                            #14
                            Originally posted by Bladewire
                            Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.

                            Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
                            Pretty standard terms really.

                            • Bladewire
                              StraightBro
                              • Aug 2003
                              • 56228

                              #15
                              Originally posted by clickity click
                              Pretty standard terms really.
                              Nope.

                              Even Adobe's HackerOne terms don't have anything close to that kind of wording regarding compensation. They definitely don't say you might find an issue, report it, and not get paid..

                              State facts.


                              • CPA-Rush
                                small trip to underworld
                                • Mar 2012
                                • 4927

                                #16
                                Originally posted by clickity click
                                When you fuck a virgin.
                                lol what ?

                                Originally posted by clickity click
                                Anyway CPA-RUSH. What the fuck do you know about it anyway?
                                <script>alert("XSS")</script>

                                • clickity click
                                  So Fecking Bummed
                                  • Aug 2014
                                  • 3682

                                  #17
                                  Originally posted by CPA-Rush
                                  lol what ?



                                  <script>alert("XSS")</script>
                                  XSS is lame.

                                  • ladida
                                    Confirmed User
                                    • Nov 2005
                                    • 2179

                                    #18
                                    Originally posted by Bladewire
                                    Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.

                                    Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
                                    Yea. This is pretty standard in the "hack for ethic" contests like this one, which is why it's bullshit to even try to compete. You don't know up front for what vuln or level of compromise you get what compensation. The 25k bounty will not go to anyone even if you breach the server. They also removed all the bullshit vulns that are usually reported like clickjacking, xss, csrf etc etc, and won't pay for any human error or employee targeting )))

                                    They'll probably argue 25k would go if you download their database, which is probably a few terabytes, and how likely is something like that to go unnoticed?
                                    If someone were to find the vuln, you'd sell it better on the black market than to them for compensation.
                                    agentGFY *at* gmail.com

                                    • CPA-Rush
                                      small trip to underworld
                                      • Mar 2012
                                      • 4927

                                      #19
                                      Originally posted by clickity click
                                      XSS is lame.
                                      really ?

                                      • Bladewire
                                        StraightBro
                                        • Aug 2003
                                        • 56228

                                        #20
                                        Originally posted by ladida
                                        They'll probably argue 25k would go if you download their database, which is probably a few terabytes, and how likely is something like that to go unnoticed?
                                        If someone were to find the vuln, you'd sell it better on the black market than to them for compensation.
                                        Would be funny if they had a central database that's so old school

                                        Shitty Yahoo is the ONLY other company in all of HackerOne that is so tacky as to say "Rewards are granted entirely at the discretion of"


                                        • clickity click
                                          So Fecking Bummed
                                          • Aug 2014
                                          • 3682

                                          #21
                                          Originally posted by CPA-Rush
                                          really ?
                                          Yes......

                                          • Bladewire
                                            StraightBro
                                            • Aug 2003
                                            • 56228

                                            #22
                                            Originally posted by clickity click
                                            Yes......
                                            What platform is not vulnerable to XSS?


                                            • CPA-Rush
                                              small trip to underworld
                                              • Mar 2012
                                              • 4927

                                              #23
                                              Originally posted by Bladewire
                                              What platform is not vulnerable to XSS?

                                              • clickity click
                                                So Fecking Bummed
                                                • Aug 2014
                                                • 3682

                                                #24
                                                Originally posted by Bladewire
                                                What platform is not vulnerable to XSS?
                                                Who cares? Just because you can make an alert, that makes you l33t?

                                                • Bladewire
                                                  StraightBro
                                                  • Aug 2003
                                                  • 56228

                                                  #25
                                                  Originally posted by cpa-rush
                                                  ?
                                                  .


                                                  • DVTimes
                                                    xxx
                                                    • Jun 2003
                                                    • 31658

                                                    #26
                                                    Now you can make money watching porn on Pornhub | News | Geek.com
                                                    XXX

                                                    • CPA-Rush
                                                      small trip to underworld
                                                      • Mar 2012
                                                      • 4927

                                                      #27
                                                      Originally posted by Bladewire
                                                      ?
                                                      .

                                                      pfff it's mean, I agree lol

                                                      • money biz
                                                        Confirmed User
                                                        • Jan 2003
                                                        • 1016

                                                        #28
                                                        Originally posted by Bladewire
                                                        What platform is not vulnerable to XSS?
                                                        what ways are even left after reading those terms?

                                                        • Bladewire
                                                          StraightBro
                                                          • Aug 2003
                                                          • 56228

                                                          #29
                                                          And get this.


                                                          • rowan
                                                            Too lazy to set a custom title
                                                            • Mar 2002
                                                            • 17393

                                                            #30
                                                            Originally posted by Bladewire
                                                            Cool, according to the endless terms you have to wait 30 days for a response, then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more, and you have to trust Pornhub if they tell you it's already been reported to them by someone else.

                                                            Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
                                                            Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

                                                            Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

                                                            There's a startup idea for you.

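A concrete version of the commit-then-reveal ledger rowan proposes above, as an added example that is not part of this thread or of any bounty platform's code: the finder publishes only an HMAC commitment to the report on an append-only hash chain (standing in for the public ledger or blockchain), keeps the report text private, and reveals report plus nonce later so anyone can check both the timestamp and that the ledger was not rewritten. All names, the `PublicLedger` class and the sample report text are constructed for this example.

```python
"""Commit-then-reveal proof of prior submission (constructed example).

The finder publishes only a commitment to the report on a public, append-only
ledger; the report text stays private until the finder reveals it. Anyone can
then check (a) the ledger was not rewritten and (b) the reveal matches the
commitment recorded at that time. Names and sample data are constructed.
"""
import hashlib
import hmac
import os
import time
from dataclasses import dataclass
from typing import List, Optional, Tuple

GENESIS = "0" * 64


def commit(report: str, nonce: bytes) -> str:
    """HMAC-SHA256 keyed by a random nonce. Without the nonce the commitment
    reveals nothing about the report and cannot be brute-forced from guesses."""
    return hmac.new(nonce, report.encode("utf-8"), hashlib.sha256).hexdigest()


@dataclass
class LedgerEntry:
    index: int
    timestamp: int      # seconds since epoch, as recorded by the ledger
    commitment: str
    prev_hash: str
    entry_hash: str


def _entry_hash(index: int, timestamp: int, commitment: str, prev_hash: str) -> str:
    payload = f"{index}|{timestamp}|{commitment}|{prev_hash}".encode("utf-8")
    return hashlib.sha256(payload).hexdigest()


class PublicLedger:
    """Append-only hash chain standing in for the public ledger / blockchain.
    Each entry commits to its predecessor, so editing any timestamp or
    commitment after the fact breaks the stored hashes."""

    def __init__(self) -> None:
        self.entries: List[LedgerEntry] = []

    def append(self, commitment: str, timestamp: Optional[int] = None) -> LedgerEntry:
        ts = int(time.time()) if timestamp is None else timestamp
        prev = self.entries[-1].entry_hash if self.entries else GENESIS
        idx = len(self.entries)
        entry = LedgerEntry(idx, ts, commitment, prev, _entry_hash(idx, ts, commitment, prev))
        self.entries.append(entry)
        return entry

    def verify_chain(self) -> bool:
        prev = GENESIS
        for i, e in enumerate(self.entries):
            if e.index != i or e.prev_hash != prev:
                return False
            if e.entry_hash != _entry_hash(e.index, e.timestamp, e.commitment, e.prev_hash):
                return False
            prev = e.entry_hash
        return True


def verify_reveal(ledger: PublicLedger, index: int, report: str, nonce: bytes) -> bool:
    """True only if the chain is intact and (report, nonce) opens entry `index`."""
    if not ledger.verify_chain() or not 0 <= index < len(ledger.entries):
        return False
    return hmac.compare_digest(commit(report, nonce), ledger.entries[index].commitment)


Reveal = Tuple[int, str, bytes]  # (ledger index, report text, nonce)


def earliest_valid_reveal(ledger: PublicLedger, reveals: List[Reveal]) -> Optional[int]:
    """Among reveals that open their entries, return the index of the one the
    ledger recorded first: the 'who found it first' question is settled by the
    public timestamps rather than by the vendor's say-so."""
    valid = [(ledger.entries[i].timestamp, i)
             for i, r, n in reveals if verify_reveal(ledger, i, r, n)]
    return min(valid)[1] if valid else None


if __name__ == "__main__":
    ledger = PublicLedger()
    report = "constructed: open redirect in post title parameter"  # sample report text
    nonce_a, nonce_b = os.urandom(32), os.urandom(32)
    a = ledger.append(commit(report, nonce_a), timestamp=1_000)  # finder A, earlier
    b = ledger.append(commit(report, nonce_b), timestamp=2_000)  # finder B, later
    print("A opens its commitment:", verify_reveal(ledger, a.index, report, nonce_a))
    print("first submitter is entry",
          earliest_valid_reveal(ledger, [(b.index, report, nonce_b), (a.index, report, nonce_a)]))
```
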
                                                            • Phoenix
                                                              BACON BACON BACON
                                                              • Nov 2002
                                                              • 35475

                                                              #31
                                                              I suspect they will get what they ask for, perhaps not the way they wish though.

                                                              Best of luck to the game.
                                                              Telegram PhoenixBrad
                                                              https://quantads.io

                                                              • Bladewire
                                                                StraightBro
                                                                • Aug 2003
                                                                • 56228

                                                                #32
                                                                Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs

                                                                Pornhub post offsite redirect example

                                                                Wait 8 seconds

                                                                Pornhub possibly has a serious XSS gif issue too, it seems

                                                                There, where's my money? Oh wait . . .


                                                                • Bladewire
                                                                  StraightBro
                                                                  • Aug 2003
                                                                  • 56228

                                                                  #33
                                                                  Originally posted by rowan
                                                                  Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

                                                                  Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

                                                                  There's a startup idea for you.
                                                                  Brilliant idea!

                                                                  With their "hackers bounty" publicity blitz the last few days they'll get a lot of people like me interested, until they read the scammy terms, and I'm not a hacker.

                                                                  With my previous posts "helping" Pornhub you never get public, or private, thanks but see they act on it later, with me at least once that I can remember. There's seemingly more tangible known monetary benefits to not disclosing and using to someone's benefit.

                                                                  I'm sure my last post will receive the same lack of acknowledgement, let alone gratitude from Pornhub, and that's fine


                                                                  • lezinterracial
                                                                    Confirmed User
                                                                    • Jul 2012
                                                                    • 3117

                                                                    #34
                                                                    Originally posted by rowan
                                                                    Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

                                                                    Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

                                                                    There's a startup idea for you.
                                                                    Closest thing I know of is https://hackerone.com/ and https://www.openbugbounty.org/. At openbounty you can put the details on hold for any site you find a redirect or xss issue with. I put an issue on hold for a month usually. Only a small site paid me. Big sites never answer.
                                                                    Live Sex Shows

                                                                    • TheeRoly
                                                                      Confirmed User
                                                                      • Oct 2012
                                                                      • 150

                                                                      #35
                                                                      Another good press release / publicity stunt from the top dawgs in Adult.

                                                                      • JFK
                                                                        FUBAR the ORIGINATOR
                                                                        • Jan 2002
                                                                        • 67373

                                                                        #36
                                                                        Originally posted by Bladewire
                                                                        Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs

                                                                        Pornhub post offsite redirect example

                                                                        Wait 8 seconds

                                                                        Pornhub possibly has a serious XSS gif issue too, it seems

                                                                        There, where's my money? Oh wait . . .
                                                                        The cheque is in the mail

                                                                        FUBAR Webmasters - The FUBAR Times - FUBAR Webmasters Mobile - FUBARTV.XXX
                                                                        For promo opps contact jfk at fubarwebmasters dot com

                                                                        • Colmike9
                                                                          (>^_^)b
                                                                          • Dec 2011
                                                                          • 7230

                                                                          #37
                                                                          They said we're not allowed to DDoS or use any kind of bots or scripts and a few other things.. I'm out.

                                                                          • Smut-Talk
                                                                            I talk smut
                                                                            • Jul 2016
                                                                            • 176

                                                                            #38
                                                                            Originally posted by Bladewire
                                                                            Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs

                                                                            <cant post urls yet... > Pornhub post offsite redirect example

                                                                            Wait 8 seconds

                                                                            Pornhub possibly has a serious XSS gif issue too, it seems

                                                                            There, where's my money? Oh wait . . .
                                                                            lol

                                                                            nice one!
                                                                            No sanitizing on the PHP call for the title?

                                                                            Then again lots of sites have 'mistakes' in them.
                                                                            I can name a few...
                                                                            This is my awesome signature!
                                                                            if you really have to, you can use: smuttalk-that apple thingy-websmut.com
                                                                            Don't forget to mention GFY in the subject!

                                                                            • Bladewire
                                                                              StraightBro
                                                                              • Aug 2003
                                                                              • 56228

                                                                              #39
                                                                              Originally posted by Smut-Talk
                                                                              lol

                                                                              nice one!
                                                                              No sanitizing on the PHP call for the title?

                                                                              Then again lots of sites have 'mistakes' in them.
                                                                              I can name a few...

                                                                              Just Google XSS Gif Pornhub ;)

                                                                              Ask Clifford for details it's his work.

                                                                              Here's his HackerOne profile: https://hackerone.com/trizaeron

                                                                              Pornhub hasn't paid Clifford according to his profile and he's hacked it since what, March?

                                                                              Maybe Pornhub doesn't care about people redirecting from their site or don't want to pay the guy what he's worth?


                                                                              • Smut-Talk
                                                                                I talk smut
                                                                                • Jul 2016
                                                                                • 176

                                                                                #40
                                                                                I just returned from big G, was looking for more info.
                                                                                I can see the Kremlin gets lots of traffic from Pornhub..
                                                                                Was that you?

                                                                                But no info on Clifford's hack.
                                                                                This is my awesome signature!
                                                                                if you really have to, you can use: smuttalk-that apple thingy-websmut.com
                                                                                Don't forget to mention GFY in the subject!


                                                                                • Bladewire
                                                                                  StraightBro
                                                                                  • Aug 2003
                                                                                  • 56228

                                                                                  #41
                                                                                  Originally posted by Smut-Talk
                                                                                  I just returned from big G, was looking for more info.
                                                                                  I can see the Kremlin gets lots of traffic from Pornhub..
                                                                                  Was that you?

                                                                                  But no info on Clifford's hack.
                                                                                  Go to the Pornhub link in my original post, wait 8 seconds, and you're forwarded to Clifford's site.

                                                                                  Pornhub post offsite redirect example

                                                                                  I'm not a hacker


                                                                                  Skype: CallTomNow


                                                                                  • PornDiscounts-V
                                                                                    Confirmed User
                                                                                    • Oct 2003
                                                                                    • 5744

                                                                                    #42
                                                                                    It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.
                                                                                    Blog Posts - Contextual Links - Hardlinks on 600+ Blog Network
                                                                                    * Handwritten * 180 C Class IPs * Permanent! * Many Niches! * Bulk Discounts! GFYPosts /at/ J2Media.net


                                                                                    • Bladewire
                                                                                      StraightBro
                                                                                      • Aug 2003
                                                                                      • 56228

                                                                                      #43
                                                                                      Originally posted by vvvvv
                                                                                      It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.
                                                                                      Right? This guy has still been redirecting from PH for months, is a part of HackerOne and not paid, still wide open. PH was built on a shaky foundation, a house of cards, all the stolen content including mine. Now they make millions a month off our backs, all my hard work, and I get nothing from what was stolen and posted on PH from Kherson Oblast, Ukraine.


                                                                                      Skype: CallTomNow


                                                                                      • Smut-Talk
                                                                                        I talk smut
                                                                                        • Jul 2016
                                                                                        • 176

                                                                                        #44
                                                                                        Originally posted by Bladewire
                                                                                        I'm not a hacker
                                                                                        Not saying so ;)
                                                                                        I just thought he/you wrote about it, misunderstood you.
                                                                                        (it does seem he got a few hundred bucks from PH, still way too little for a redirect injection! hackerone dot com/pornhub/thanks )

                                                                                        Still funny, especially the ones redirecting to the Kremlin!
                                                                                        This is my awesome signature!
                                                                                        if you really have to, you can use: smuttalk-that apple thingy-websmut.com
                                                                                        Don't forget to mention GFY in the subject!


                                                                                        • Smut-Talk
                                                                                          I talk smut
                                                                                          • Jul 2016
                                                                                          • 176

                                                                                          #45
                                                                                          THIS:
                                                                                          Originally posted by vvvvv
                                                                                          It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.
                                                                                          This is my awesome signature!
                                                                                          if you really have to, you can use: smuttalk-that apple thingy-websmut.com
                                                                                          Don't forget to mention GFY in the subject!


                                                                                          • Bladewire
                                                                                            StraightBro
                                                                                            • Aug 2003
                                                                                            • 56228

                                                                                            #46
                                                                                            Originally posted by Smut-Talk
                                                                                            Not saying so ;)
                                                                                            I just thought he/you wrote about it, misunderstood you.
                                                                                            (it does seem he got a few hundred bucks from PH, still way too little for a redirect injection! hackerone dot com/pornhub/thanks )

                                                                                            Still funny, especially the ones redirecting to the Kremlin!
                                                                                            Right, and his redirect is still not patched, so ...


                                                                                            Skype: CallTomNow
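The thread keeps coming back to two bug classes on the site: an unvalidated redirect (the "redirect injection" that forwards visitors off-site) and a title rendered without escaping (the "no sanitizing on the php call for the title" question). The block below is an added example of the checks a defender would put in front of both; it is not code from this thread, from Pornhub, from HackerOne or from the researchers named, and the host names in it are constructed placeholders. It is written in Python rather than the site's PHP so it can be run as-is.

```python
"""Two input-handling checks for a video site: an open-redirect guard and title escaping.

Added illustration; not code from the thread, Pornhub, HackerOne or the researchers named.
Host names are constructed placeholders.
"""
import html
from urllib.parse import urlparse

# Constructed placeholder hosts standing in for the site's own domains.
ALLOWED_HOSTS = frozenset({"example-tube.test", "www.example-tube.test"})


def safe_redirect_target(candidate: str, default: str = "/") -> str:
    """Return `candidate` only if it stays on this site, otherwise `default`.

    A redirect parameter (e.g. ?next=...) is attacker-controlled, so the value
    is checked, never trusted: only same-site relative paths and absolute
    http(s) URLs whose host is on the allowlist pass.
    """
    if not candidate:
        return default
    # Control characters and whitespace are used to confuse URL parsers; reject outright.
    if any(ord(ch) < 0x20 or ch.isspace() for ch in candidate):
        return default

    parsed = urlparse(candidate)

    if not parsed.scheme and not parsed.netloc:
        # A relative path: must start with a single "/" ("//host" is a
        # protocol-relative URL and "/\host" is treated as one by some browsers).
        if candidate.startswith("/") and not candidate.startswith(("//", "/\\")):
            return candidate
        return default

    # Absolute URL: only http/https, and only to an allowlisted host.
    # `hostname` is lowercased and strips any user:pass@ prefix and port, so
    # "https://example-tube.test@evil.test/" resolves to "evil.test".
    if parsed.scheme not in ("http", "https"):
        return default
    if parsed.hostname in ALLOWED_HOSTS:
        return candidate
    return default


def render_title(user_title: str) -> str:
    """Embed a user-supplied video title in HTML with every metacharacter escaped.

    Escaping at output time (rather than "sanitizing" on input) is what keeps a
    title such as '<script>...</script>' from being interpreted as markup.
    """
    return "<h1>" + html.escape(user_title, quote=True) + "</h1>"


if __name__ == "__main__":
    # Constructed sample redirect parameters, as a request handler might receive them.
    for value in ["/watch?v=1", "//evil.test/", "https://www.example-tube.test/x",
                  "https://example-tube.test@evil.test/", "javascript:alert(1)"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
    print(render_title("<script>alert(1)</script>"))
```

The redirect guard deliberately falls back to a fixed in-site path instead of trying to "clean" a bad value, and it compares the parsed hostname rather than doing a string prefix check, which is the mistake that lets `example-tube.test.evil.test` or `example-tube.test@evil.test` through.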


                                                                                            • Smut-Talk
                                                                                              I talk smut
                                                                                              • Jul 2016
                                                                                              • 176

                                                                                              #47
                                                                                              Originally posted by Bladewire
                                                                                              stolen and posted on PH from Kherson Oblast, Ukraine
                                                                                              I hear you.
                                                                                              The most such a site does is remove content, or delete a user, as a max.
                                                                                              (delete uploaded content, prob. never)

                                                                                              And as no one has to identify themselves for an account,
                                                                                              there is no solution for this.
                                                                                              All there is, is the totally screwed up DMCA system.

                                                                                              I know from my own experience that cam4 won't even give any info on paying members, even when given solid proof of them uploading stolen content! (captured live shows on the same damn site!)
                                                                                              Hell, they didn't even ban him! He has been posting for years.
                                                                                              Prob. still does so.
                                                                                              This is my awesome signature!
                                                                                              if you really have to, you can use: smuttalk-that apple thingy-websmut.com
                                                                                              Don't forget to mention GFY in the subject!


                                                                                              • Konda
                                                                                                ...
                                                                                                • Apr 2003
                                                                                                • 2280

                                                                                                #48
                                                                                                Originally posted by vvvvv
                                                                                                It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.

                                                                                                Like this guy: https://hackerone.com/reports/72243
                                                                                                They offered him only $500 for gaining access to production servers (because the domain he found the info on was not part of the official bounty program).
                                                                                                A year later they still paid him $9.5K though.


                                                                                                Last month these people got $20K

                                                                                                https://www.evonide.com/how-we-broke...-20000-dollar/

                                                                                                We gained remote code execution and would've been able to do the following things:
                                                                                                - Dump the complete database of pornhub.com including all sensitive user information.
                                                                                                - Track and observe user behavior on the platform.
                                                                                                - Leak the complete available source code of all sites hosted on the server.
                                                                                                - Escalate further into the network or root the system.
                                                                                                $20K is very little for something like that


                                                                                                • Bladewire
                                                                                                  StraightBro
                                                                                                  • Aug 2003
                                                                                                  • 56228

                                                                                                  #49
                                                                                                  Originally posted by Konda
                                                                                                  Like this guy: https://hackerone.com/reports/72243
                                                                                                  They offered him only $500 for gaining access to production servers (because the domain he found the info on was not part of the official bounty program).
                                                                                                  A year later they still paid him $9.5K though.


                                                                                                  Last month these people got $20K

                                                                                                  https://www.evonide.com/how-we-broke...-20000-dollar/
                                                                                                  $20K is very little for something like that

                                                                                                  Content is king

                                                                                                  Knowledge is power

                                                                                                  Watching the thieves pay pennies not to be stolen from - priceless


                                                                                                  Skype: CallTomNow


                                                                                                  • ladida
                                                                                                    Confirmed User
                                                                                                    • Nov 2005
                                                                                                    • 2179

                                                                                                    #50
                                                                                                    If you read up on the work of the guys that hacked Pornhub, their work was amazing. I'm pretty sure it took up way more time from way too many people for the 20k they got. I bet their work was less than $8 an hour if you count it all up.
                                                                                                    They even got 2 zero-days in the PHP garbage collector out of it. They sold very cheap. Always funny.
                                                                                                    agentGFY *at* gmail.com

