
TOPPORNHUB.md


Top reports from Pornhub program at HackerOne:

  1. [phpobject in cookie] Remote shell/command execution to Pornhub - 607 upvotes, $20000
  2. Deserialization of untrusted data at https://www.redtube.com/media/hls?s=data to Pornhub - 271 upvotes, $10000
  3. idor allows you to delete photos and album from a gallery to Pornhub - 266 upvotes, $1500
  4. IDOR allows any user to edit others videos to Pornhub - 248 upvotes, $1500
  5. Publicly exposed SVN repository, ht.pornhub.com to Pornhub - 211 upvotes, $10000
  6. Blind SQL injection and making any profile comments from any users to disappear using "like" function (2 in 1 issues) to Pornhub - 211 upvotes, $0
  7. Blind SQL injection in Hall of Fap to Pornhub - 179 upvotes, $0
  8. CRITICAL ISSUE : Leak of all accounts mail login md5 pass and more to Pornhub - 157 upvotes, $0
  9. Multiple endpoints are vulnerable to XML External Entity injection (XXE) to Pornhub - 138 upvotes, $2500
  10. View storyboard of private video @ ht.pornhub.com to Pornhub - 130 upvotes, $750
  11. vulnerabilitie to Pornhub - 127 upvotes, $0
  12. XSS via JavaScript evaluation of an attacker controlled resource at www.pornhub.com to Pornhub - 109 upvotes, $250
  13. [RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com to Pornhub - 90 upvotes, $0
  14. xss to Pornhub - 84 upvotes, $0
  15. Reflect XSS on Mobile Search page to Pornhub - 79 upvotes, $250
  16. Unsecured DB instance to Pornhub - 73 upvotes, $5000
  17. Blind XSS in redtube administering site my.reflected.net to Pornhub - 72 upvotes, $1000
  18. Reflected XSS on www.pornhub.com and www.pornhubpremium.com to Pornhub - 71 upvotes, $750
  19. SSRF and local file disclosure by video upload on https://www.redtube.com/upload to Pornhub - 61 upvotes, $500
  20. [idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs) to Pornhub - 58 upvotes, $1500
  21. SSRF and local file disclosure by video upload on https://www.tube8.com/ to Pornhub - 53 upvotes, $500
  22. Wordpress Content injection to Pornhub - 48 upvotes, $1500
  23. Stored XSS in photo comment functionality to Pornhub - 44 upvotes, $0
  24. Stored XSS (client-side, using cookie poisoning) on the pornhubpremium.com to Pornhub - 40 upvotes, $0
  25. RCE Possible Via Video Manager Export using @ character in Video Title to Pornhub - 38 upvotes, $500
  26. Unsecured Elasticsearch Instance to Pornhub - 36 upvotes, $3500
  27. Stored XSS on the https://www.redtube.com/users/[profile]/collections to Pornhub - 36 upvotes, $0
  28. [stored xss, pornhub.com] stream post function to Pornhub - 35 upvotes, $1500
  29. SSRF and local file disclosure by video upload on http://www.youporn.com/ to Pornhub - 35 upvotes, $500
  30. Stored XSS in galleries - https://www.redtube.com/gallery/[id] path to Pornhub - 35 upvotes, $0
  31. IDOR - disclosure of private videos - /api_android_v3/getUserVideos to Pornhub - 32 upvotes, $1500
  32. [IDOR] post to anyone even if their stream is restricted to friends only to Pornhub - 31 upvotes, $0
  33. Time Based SQL-inject in post-parametr login[username] [domain - youporn.com] to Pornhub - 30 upvotes, $2500
  34. Weak user aunthentication on mobile application - I just broken userKey secret password to Pornhub - 29 upvotes, $5000
  35. [xss, pornhub.com] /, multiple parameters to Pornhub - 28 upvotes, $250
  36. I am because bug to Pornhub - 27 upvotes, $0
  37. XSS reflected on [https://www.youporn.com] to Pornhub - 25 upvotes, $150
  38. [IDOR] Deleting other users comment to Pornhub - 25 upvotes, $0
  39. Self-XSS to Good-XSS - pornhub.com to Pornhub - 25 upvotes, $0
  40. Possibility to insert stored XSS inside <img> tag to Pornhub - 22 upvotes, $0
  41. Single User DOS by Poisoning Cookie via Get Parameter to Pornhub - 22 upvotes, $0
  42. XSS vulnerability using GIF tags to Pornhub - 19 upvotes, $0
  43. Add a video to favourite list of any user [via YouPorn API / FrontEnd] to Pornhub - 19 upvotes, $0
  44. Unsecured Grafana instance to Pornhub - 18 upvotes, $750
  45. Unsecured Kibana/Elasticsearch instance to Pornhub - 18 upvotes, $750
  46. Account takeover via Pornhub Oauth to Pornhub - 17 upvotes, $1000
  47. Partial disclosure of Private Videos through data-mediabook attribute information leak to Pornhub - 17 upvotes, $0
  48. IDOR - Access to private video thumbnails even if video requires password authentication to Pornhub - 17 upvotes, $0
  49. (Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access to Pornhub - 16 upvotes, $1500
  50. Mobile Reflect XSS / CSRF at Advertisement Section on Search page to Pornhub - 15 upvotes, $200
  51. Find whether a video has been favourited or not, for any user [via YouPorn Mobile API] to Pornhub - 15 upvotes, $0
  52. XSS on pornhubselect.com to Pornhub - 15 upvotes, $0
  53. Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint to Pornhub - 14 upvotes, $0
  54. DOM-based XSS on youporn.com (main page) to Pornhub - 14 upvotes, $0
  55. Stored XSS in the any user profile using website link to Pornhub - 14 upvotes, $0
  56. Account hijack via deleted PH account to Pornhub - 13 upvotes, $1000
  57. Race Condition Vulnerability On Pornhubpremium.com to Pornhub - 13 upvotes, $520
  58. Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section to Pornhub - 13 upvotes, $0
  59. Public Facing Barracuda Login to Pornhub - 12 upvotes, $250
  60. Blind Stored XSS against Pornhub employees using Amateur Model Program to Pornhub - 12 upvotes, $0
  61. XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? URL endpoint to Pornhub - 11 upvotes, $250
  62. youporn email notification enable/disable and newsletter to Pornhub - 11 upvotes, $0
  63. [ssrf] libav vulnerable during conversion of uploaded videos to Pornhub - 10 upvotes, $1500
  64. [Debug.log file Exposed to Public \Full Path Disclosure](https://hackerone.com/reports/202939) to Pornhub - 10 upvotes, $0
  65. Reflected XSS in login redirection module to Pornhub - 10 upvotes, $0
  66. http://ht.pornhub.com/ stored XSS in widget stylesheet to Pornhub - 10 upvotes, $0
  67. Unprotected Memcache Installation running to Pornhub - 9 upvotes, $2500
  68. Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box to Pornhub - 9 upvotes, $750
  69. XSS via login cookie to Pornhub - 9 upvotes, $100
  70. Reflected XSS by way of jQuery function to Pornhub - 9 upvotes, $50
  71. Stored XSS on the http://ht.pornhub.com/widgets/ to Pornhub - 9 upvotes, $0
  72. CSRF Full Account Takeover - https://redtube.com/settings to Pornhub - 9 upvotes, $0
  73. pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss to Pornhub - 8 upvotes, $750
  74. Same-Origin Method Execution bug in plupload.flash.swf on /insights to Pornhub - 8 upvotes, $150
  75. CSV Macro injection in Video Manager (CEMI) to Pornhub - 8 upvotes, $100
  76. [crossdomain.xml] Dangerous Flash Cross-Domain Policy to Pornhub - 8 upvotes, $50
  77. [Android API] SQL injection ( errortoken.json ) to Pornhub - 8 upvotes, $0
  78. Unauthenticated access to Content Management System - www1.pornhubpremium.com to Pornhub - 7 upvotes, $5000
  79. SSRF & XSS (W3 Total Cache) to Pornhub - 7 upvotes, $1000
  80. [idor] Profile Admin can pin any other user's post on his stream wall to Pornhub - 7 upvotes, $750
  81. PornIQ Reflected Cross-Site Scripting to Pornhub - 7 upvotes, $250
  82. Private videos can be added to our playlists to Pornhub - 7 upvotes, $0
  83. Reflected XSS in Meta Tag to Pornhub - 6 upvotes, $250
  84. Reflected cross-site scripting (XSS) vulnerability in pornhub.com allows attackers to inject arbitrary web script or HTML. to Pornhub - 5 upvotes, $200
  85. Cross Site Scripting – Album Page to Pornhub - 5 upvotes, $50
  86. Reflected Cross-Site Scripting on French subdomain to Pornhub - 4 upvotes, $250
  87. Cross Site Scripting - On Mouse Over, Blog page to Pornhub - 4 upvotes, $250
  88. [xss, pornhub.com] /user/[username], multiple parameters to Pornhub - 4 upvotes, $250
  89. [reflected xss, pornhub.com] /blog, any to Pornhub - 4 upvotes, $100
  90. HTTP Track/Trace Method Enabled to Pornhub - 4 upvotes, $50
  91. XSS Reflected incategories*p to Pornhub - 3 upvotes, $250
  92. XSS ReflectedGET /embed_player? to Pornhub - 3 upvotes, $250
  93. [xss] pornhubpremium.com, /redeem?code= URL endpoint to Pornhub - 3 upvotes, $250
  94. Reflected XSS on ht.pornhub.com - /export/GetPreview to Pornhub - 1 upvote, $0