Top reports from Pornhub program at HackerOne:

  1. [phpobject in cookie] Remote shell/command execution to Pornhub - 588 upvotes, $20000
  2. Publicly exposed SVN repository, ht.pornhub.com to Pornhub - 202 upvotes, $10000
  3. Multiple endpoints are vulnerable to XML External Entity injection (XXE) to Pornhub - 134 upvotes, $2500
  4. vulnerabilitie to Pornhub - 127 upvotes, $0
  5. [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com to Pornhub - 87 upvotes, $10000
  6. xss to Pornhub - 83 upvotes, $100
  7. Unsecured DB instance to Pornhub - 66 upvotes, $5000
  8. [idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs) to Pornhub - 56 upvotes, $1500
  9. Wordpress Content injection to Pornhub - 45 upvotes, $1500
  10. Stored XSS in photo comment functionality to Pornhub - 41 upvotes, $1500
  11. Stored XSS (client-side, using cookie poisoning) on the pornhubpremium.com to Pornhub - 39 upvotes, $250
  12. RCE Possible Via Video Manager Export using @ character in Video Title to Pornhub - 36 upvotes, $500
  13. Unsecured Elasticsearch Instance to Pornhub - 35 upvotes, $3500
  14. [stored xss, pornhub.com] stream post function to Pornhub - 35 upvotes, $1500
  15. IDOR - disclosure of private videos - /api_android_v3/getUserVideos to Pornhub - 29 upvotes, $1500
  16. Weak user aunthentication on mobile application - I just broken userKey secret password to Pornhub - 27 upvotes, $5000
  17. [IDOR] post to anyone even if their stream is restricted to friends only to Pornhub - 27 upvotes, $1500
  18. [IDOR] Deleting other users comment to Pornhub - 23 upvotes, $1000
  19. Single User DOS by Poisoning Cookie via Get Parameter to Pornhub - 21 upvotes, $50
  20. Possibility to insert stored XSS inside <img> tag to Pornhub - 19 upvotes, $1500
  21. XSS vulnerability using GIF tags to Pornhub - 18 upvotes, $1000
  22. Unsecured Kibana/Elasticsearch instance to Pornhub - 16 upvotes, $750
  23. Partial disclosure of Private Videos through data-mediabook attribute information leak to Pornhub - 16 upvotes, $250
  24. Self-XSS to Good-XSS - pornhub.com to Pornhub - 16 upvotes, $250
  25. Unsecured Grafana instance to Pornhub - 15 upvotes, $750
  26. Mobile Reflect XSS / CSRF at Advertisement Section on Search page to Pornhub - 15 upvotes, $200
  27. Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint to Pornhub - 14 upvotes, $1000
  28. Stored XSS in the any user profile using website link to Pornhub - 14 upvotes, $500
  29. Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section to Pornhub - 13 upvotes, $350
  30. XSS on pornhubselect.com to Pornhub - 13 upvotes, $0
  31. (Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access to Pornhub - 11 upvotes, $1500
  32. Blind Stored XSS against Pornhub employees using Amateur Model Program to Pornhub - 11 upvotes, $500
  33. Public Facing Barracuda Login to Pornhub - 11 upvotes, $250
  34. XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? URL endpoint to Pornhub - 11 upvotes, $250
  35. Race Condition Vulnerability On Pornhubpremium.com to Pornhub - 10 upvotes, $520
  36. Reflected XSS in login redirection module to Pornhub - 10 upvotes, $250
  37. [Debug.log file Exposed to Public \Full Path Disclosure](https://hackerone.com/reports/202939) to Pornhub - 10 upvotes, $0
  38. [ssrf] libav vulnerable during conversion of uploaded videos to Pornhub - 9 upvotes, $1500
  39. Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box to Pornhub - 9 upvotes, $750
  40. Stored XSS on the http://ht.pornhub.com/widgets/ to Pornhub - 9 upvotes, $150
  41. Reflected XSS by way of jQuery function to Pornhub - 9 upvotes, $50
  42. Unprotected Memcache Installation running to Pornhub - 8 upvotes, $2500
  43. pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss to Pornhub - 8 upvotes, $750
  44. Same-Origin Method Execution bug in plupload.flash.swf on /insights to Pornhub - 8 upvotes, $150
  45. CSV Macro injection in Video Manager (CEMI) to Pornhub - 8 upvotes, $100
  46. PornIQ Reflected Cross-Site Scripting to Pornhub - 7 upvotes, $250
  47. [idor] Profile Admin can pin any other user's post on his stream wall to Pornhub - 6 upvotes, $750
  48. [crossdomain.xml] Dangerous Flash Cross-Domain Policy to Pornhub - 6 upvotes, $50
  49. http://ht.pornhub.com/ stored XSS in widget stylesheet to Pornhub - 6 upvotes, $50
  50. Private videos can be added to our playlists to Pornhub - 6 upvotes, $0
  51. Unauthenticated access to Content Management System - www1.pornhubpremium.com to Pornhub - 5 upvotes, $5000
  52. SSRF & XSS (W3 Total Cache) to Pornhub - 5 upvotes, $1000
  53. Reflected cross-site scripting (XSS) vulnerability in pornhub.com allows attackers to inject arbitrary web script or HTML. to Pornhub - 5 upvotes, $200
  54. HTTP Track/Trace Method Enabled to Pornhub - 4 upvotes, $50
  55. Reflected Cross-Site Scripting on French subdomain to Pornhub - 3 upvotes, $250
  56. Cross Site Scripting - On Mouse Over, Blog page to Pornhub - 3 upvotes, $250
  57. [xss, pornhub.com] /user/[username], multiple parameters to Pornhub - 3 upvotes, $250
  58. XSS Reflected incategories*p to Pornhub - 3 upvotes, $250
  59. XSS ReflectedGET /embed_player? to Pornhub - 3 upvotes, $250
  60. [xss] pornhubpremium.com, /redeem?code= URL endpoint to Pornhub - 3 upvotes, $250
  61. [reflected xss, pornhub.com] /blog, any to Pornhub - 3 upvotes, $100
  62. Cross Site Scripting – Album Page to Pornhub - 3 upvotes, $50
  63. Reflected XSS on ht.pornhub.com - /export/GetPreview to Pornhub - 1 upvotes, $0
