Old 05-12-2016, 02:29 PM   #1
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Any Hackers in the House?

Pornhub are offering $25k if you can find an exploit.

https://hackerone.com/pornhub
Old 05-12-2016, 02:38 PM   #2
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
it's called pentesting, not hacking
__________________

automatic exchange - paxum , bitcoin,pm, payza

. daizzzy signbucks caution will black-hat black-hat your traffic

ignored forever :zuzana designs
Old 05-12-2016, 02:40 PM   #3
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
No it's not it's hacking. Pentesting is when you test your pen to see if it still works.
Old 05-12-2016, 02:43 PM   #4
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
Quote:
Originally Posted by clickity click View Post
No it's not it's hacking. Pentesting is when you test your pen to see if it still works.
penetration testing
Old 05-12-2016, 02:46 PM   #5
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Quote:
Originally Posted by CPA-Rush View Post
penetration testing
When you fuck a virgin.
Old 05-12-2016, 02:47 PM   #6
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Anyway CPA-RUSH. What the fuck do you know about it anyway?
Old 05-12-2016, 02:52 PM   #7
T-Rain From Tacoma
PayPal Troll.
 
Industry Role:
Join Date: Apr 2016
Posts: 387
I hack them all day.. It's a free tube site been going to for years..
Old 05-12-2016, 02:53 PM   #8
plaster
So Fucking Banned
 
Industry Role:
Join Date: Apr 2015
Posts: 2,295
Nice.... $25 reward min.
Old 05-12-2016, 02:58 PM   #9
yuu.design
Too lazy to set a custom title
 
Industry Role:
Join Date: Mar 2006
Location: Argentina
Posts: 25,924
Interesting!
__________________
Beautiful And Usable Web Design Creations For The Adult Industry Since 2003
I'm Yuu, Designer and Content Producer

Paysites - Affiliate Programs - Dating & Cam Sites - Mainstream Projects - Tube Sites - Banners - Wordpress Themes - NATs integration - Landing Pages

Check my Portfolio and Content Production Offers
Old 05-12-2016, 03:02 PM   #10
Colmike9
(>^_^)b
 
Industry Role:
Join Date: Dec 2011
Posts: 7,196
Quote:
Originally Posted by plaster View Post
Nice.... $25 reward min.
Looks like it's $50 now
__________________
Join the BEST cam affiliate program on the internet!
I've referred over $1.7mil in spending this past year, you should join in.
I make a lot more money in the medical field in a lab now, fuck you guys. Don't ask me to come back, but do join Chaturbate in my sig, it still makes bank without me touching shit for years..
Old 05-12-2016, 03:03 PM   #11
IrwinJones
So Fucking Banned
 
Industry Role:
Join Date: May 2016
Posts: 144
Hacking Beez aint eazy-e
Old 05-12-2016, 03:04 PM   #12
CaptainHowdy
Too lazy to set a custom title
 
Industry Role:
Join Date: Dec 2004
Location: Happy in the dark.
Posts: 91,524
Innaresting ...
__________________
Join the SWAG Affiliate Asian Live Cam Program, which offers non-saturated Asian models and exclusive material. After registration and placing the link on your website, you can receive 2 free backlinks to commemorate our collaboration.
Old 05-12-2016, 03:12 PM   #13
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
__________________


Skype: CallTomNow

Old 05-12-2016, 03:22 PM   #14
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Quote:
Originally Posted by Bladewire View Post
Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
Pretty standard terms really.
Old 05-12-2016, 03:29 PM   #15
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by clickity click View Post
Pretty standard terms really.
Nope.

Even Adobe's HackerOne terms don't have anything close to that kind of wording regarding compensation. They definitely don't say you might find an issue, report it, and not get paid.

State facts.
Old 05-12-2016, 03:29 PM   #16
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
Quote:
Originally Posted by clickity click View Post
When you fuck a virgin.
lol what ?

Quote:
Originally Posted by clickity click View Post
Anyway CPA-RUSH. What the fuck do you know about it anyway?
<script>alert("XSS")</script>
Old 05-12-2016, 03:40 PM   #17
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Quote:
Originally Posted by CPA-Rush View Post
lol what ?



<script>alert("XSS")</script>
Xss is lame.
Old 05-12-2016, 03:48 PM   #18
ladida
Confirmed User
 
Join Date: Nov 2005
Posts: 2,149
Quote:
Originally Posted by Bladewire View Post
Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
Yea. This is pretty standard in the "hack for ethic" contests like this one, why it's bullshit to even try to compete. You don't know up front for what vuln or level of compromise you get what compensation. The 25k bounty will not go to anyone even if you breach the server. They also removed all the bullshit vulns that are usually reported like clickjacking, xss, csrf etc etc, and won't pay for any human error or employee targeting )))

They'll probably argue 25k would go if you download their database, which is probably few terabytes and how likely is something like that to go unnoticed.
If someone were to find the vuln, you'd sell it better on the black market than to them for compensation.
__________________
agentGFY *at* gmail.com
Old 05-12-2016, 04:03 PM   #19
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
Quote:
Originally Posted by clickity click View Post
Xss is lame.
really ?
Old 05-12-2016, 04:07 PM   #20
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by ladida View Post
They'll probably argue 25k would go if you download their database, which is probably few terabytes and how likely is something like that to go unnoticed
If someone were to find the vuln, you'd sell it better on the black market than to them for compensation.
Would be funny if they had a central database that's so old school

Shitty Yahoo is the ONLY other company in all of HackerOne that is so tacky as to say "Rewards are granted entirely at the discretion of"
Old 05-12-2016, 04:08 PM   #21
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Quote:
Originally Posted by CPA-Rush View Post
really ?
Yes......
Old 05-12-2016, 04:16 PM   #22
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by clickity click View Post
Yes......
What platform is not vulnerable to XSS?
Old 05-12-2016, 04:21 PM   #23
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
Quote:
Originally Posted by Bladewire View Post
What platform is not vulnerable to XSS?
Old 05-12-2016, 04:30 PM   #24
clickity click
So Fecking Bummed
 
Industry Role:
Join Date: Aug 2014
Posts: 3,682
Quote:
Originally Posted by Bladewire View Post
What platform is not vulnerable to XSS?
Who cares? Just because you can make an alert that makes you l33t.
Old 05-12-2016, 04:33 PM   #25
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by cpa-rush View Post
?









.
Old 05-12-2016, 04:36 PM   #26
DVTimes
Holedex.com
 
Industry Role:
Join Date: Jun 2003
Location: UK
Posts: 31,539
Now you can make money watching porn on Pornhub | News | Geek.com
__________________
My old and new pics I have shot
Old 05-12-2016, 04:37 PM   #27
CPA-Rush
small trip to underworld
 
Industry Role:
Join Date: Mar 2012
Location: first gen intel 80386/nintendo-gb/arcade/ps1/internet person
Posts: 4,927
Quote:
Originally Posted by Bladewire View Post
?









.

pfff it means I agree lol
Old 05-12-2016, 04:53 PM   #28
money biz
Confirmed User
 
Join Date: Jan 2003
Posts: 906
Quote:
Originally Posted by Bladewire View Post
What platform is not vulnerable to XSS?
what ways are even left after reading those terms?
Old 05-12-2016, 05:09 PM   #29
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
And get this.
Old 05-12-2016, 05:15 PM   #30
rowan
Too lazy to set a custom title
 
Join Date: Mar 2002
Location: Australia
Posts: 17,373
Quote:
Originally Posted by Bladewire View Post
Cool according to the endless terms you have to wait 30 days for a response then 90 days for them to fix it, 120 days (4 months) total. THEY decide if your find is worth $50 or more and you have to trust Pornhub if they tell you it's already been reported to them by someone else

Their terms also state they MAY reward qualifying finds. So even if you're the first to find a huge vulnerability that they fix you are not guaranteed any money at all.
Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

There's a startup idea for you.
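The commit-and-reveal ledger idea in post #30, as an added example that is not part of the original thread or of any bounty platform: the finder publishes a salted hash of the report, and a hash-chained ledger records when. The `Ledger` class, the function names, the report text and the timestamps are assumptions constructed for illustration.

```python
import copy
import hashlib
import hmac
import json
import secrets
from typing import Optional

GENESIS = "0" * 64  # "previous hash" of the first ledger entry


def commit(report: bytes, nonce: Optional[bytes] = None):
    """Finder side: return (commitment, nonce). Only the commitment is
    published; the random nonce stops anyone guessing a short report."""
    if nonce is None:
        nonce = secrets.token_bytes(32)
    return hmac.new(nonce, report, hashlib.sha256).hexdigest(), nonce


def opens(commitment: str, nonce: bytes, report: bytes) -> bool:
    """Reveal step: does (nonce, report) match the published commitment?"""
    expected = hmac.new(nonce, report, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, commitment)


def entry_hash(body: dict) -> str:
    blob = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(blob).hexdigest()


class Ledger:
    """Append-only list in which every entry hashes the one before it."""

    def __init__(self):
        self.entries = []

    def head(self) -> str:
        return self.entries[-1]["hash"] if self.entries else GENESIS

    def append(self, commitment: str, timestamp: str) -> dict:
        body = {"seq": len(self.entries), "commitment": commitment,
                "timestamp": timestamp, "prev": self.head()}
        entry = dict(body, hash=entry_hash(body))
        self.entries.append(entry)
        return entry

    def verify(self, saved_head: Optional[str] = None) -> bool:
        """Check the chain; if the caller recorded an earlier head hash,
        also require that it still appears in the chain."""
        prev = GENESIS
        for seq, entry in enumerate(self.entries):
            body = {k: v for k, v in entry.items() if k != "hash"}
            if (entry["seq"] != seq or entry["prev"] != prev
                    or entry["hash"] != entry_hash(body)):
                return False
            prev = entry["hash"]
        if saved_head is None:
            return True
        return any(e["hash"] == saved_head for e in self.entries)


def demo() -> dict:
    # Constructed sample data: two finders commit to different reports.
    report_a = b"finder A: constructed report text"
    report_b = b"finder B: constructed report text"
    c_a, n_a = commit(report_a)
    c_b, _ = commit(report_b)

    ledger = Ledger()
    first = ledger.append(c_a, "2016-05-12T17:15:00Z")
    saved_head = ledger.head()  # finder A records this somewhere public
    ledger.append(c_b, "2016-05-13T09:00:00Z")

    edited = copy.deepcopy(ledger)  # operator edits a timestamp in place
    edited.entries[0]["timestamp"] = "2016-05-14T00:00:00Z"

    rewritten = Ledger()  # operator rebuilds the chain with B first
    rewritten.append(c_b, "2016-05-12T08:00:00Z")
    rewritten.append(c_a, "2016-05-12T17:15:00Z")

    return {
        "reveal_matches": opens(first["commitment"], n_a, report_a),
        "other_report_matches": opens(first["commitment"], n_a, report_b),
        "honest_chain_ok": ledger.verify(saved_head),
        "in_place_edit_ok": edited.verify(),
        "rewrite_internally_ok": rewritten.verify(),
        "rewrite_ok_against_saved_head": rewritten.verify(saved_head),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

A fully rebuilt chain still verifies on its own; it only fails against a head hash that someone recorded earlier, which is why the post suggests anchoring the proof somewhere the company cannot rewrite.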
Old 05-12-2016, 05:17 PM   #31
Phoenix
BACON BACON BACON
 
Industry Role:
Join Date: Nov 2002
Location: Poems everybody, the laddie fancies himself a poet
Posts: 35,457
I suspect they will get what they ask for, perhaps not the way they wish though.

Best of luck to the game.
Old 05-12-2016, 05:21 PM   #32
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs

Pornhub post offsite redirect example

Wait 8 seconds

Pornhub possibly has a serious Xss gif issue too it seems

There, where's my money? Oh wait . . .
Old 05-12-2016, 05:28 PM   #33
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by rowan View Post
Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

There's a startup idea for you.
Brilliant idea!

With their "hackers bounty" publicity blitz the last few days they'll get a lot of people like me interested, until they read the scammy terms, and I'm not a hacker.

With my previous posts "helping" Pornhub you never get public, or private, thanks but see they act on it later, with me at least once that I can remember. There's seemingly more tangible known monetary benefits to not disclosing and using to someone's benefit.

I'm sure my last post will receive the same lack of acknowledgement, let alone gratitude from Pornhub, and that's fine
Old 05-12-2016, 09:02 PM   #34
lezinterracial
Confirmed User
 
Industry Role:
Join Date: Jul 2012
Posts: 2,931
Quote:
Originally Posted by rowan View Post
Vuln bounties should have some sort of public signature or hash ledger, so that when someone finds one, the finder can prove the time of submission, without releasing the actual details. That way the company cannot weasel out of it by saying that someone else found it first.

Would probably be even better if the proof was stored on a public blockchain, like Bitcoin, so that the company couldn't manipulate it.

There's a startup idea for you.
Closest thing I know of is https://hackerone.com/ and https://www.openbugbounty.org/. At openbounty you can put the details on hold for any site you find a redirect or xss issue with. I put an issue on hold for a month usually. Only a small site paid me. Big sites never answer.
Old 05-12-2016, 09:54 PM   #35
TheeRoly
Confirmed User
 
Industry Role:
Join Date: Oct 2012
Location: Miami, FL
Posts: 150
Another good press release / publicity stunt from the top dawgs in Adult.
Old 05-13-2016, 09:37 AM   #36
JFK
FUBAR the ORIGINATOR
 
Industry Role:
Join Date: Jan 2002
Location: FUBARLAND
Posts: 67,381
Quote:
Originally Posted by Bladewire View Post
Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs

Pornhub post offsite redirect example

Wait 8 seconds

Pornhub possibly has a serious Xss gif issue too it seems

There, where's my money? Oh wait . . .
The cheque is in the mail
__________________

Sig Spot Available –contact JFK @ FUBARWebmasters.com
FUBAR Webmasters - The FUBAR Times - FUBAR Webmasters Mobile - FUBARTV.XXX
For promo opps contact jfk at fubarwebmasters dot com
Old 05-13-2016, 09:42 AM   #37
Colmike9
(>^_^)b
 
Industry Role:
Join Date: Dec 2011
Posts: 7,196
They said we're not allowed to DDoS or use any kind of bots or scripts and a few other things.. I'm out.
Old 07-24-2016, 04:35 PM   #38
Smut-Talk
I talk smut
 
Industry Role:
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176

Quote:
Originally Posted by Bladewire View Post
Like taking candy from a baby. You can redirect to your own page via a Pornhub post. I do similar on my Tumblrs

<cant post urls yet... > Pornhub post offsite redirect example

Wait 8 seconds

Pornhub possibly has a serious Xss gif issue too it seems

There, where's my money? Oh wait . . .
lol

nice one!
no sanitizing on the php call for the title?

Then again lots of sites have 'mistakes' in them.
I can name a few...
Old 07-24-2016, 06:20 PM   #39
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by Smut-Talk View Post
lol

nice one!
no sanitizing on the php call for the title?

Then again lots of sites have 'mistakes' in them.
I can name a few...

Just Google XSS Gif Pornhub ;)

Ask Clifford for details it's his work.

Here's his HackerOne profile: https://hackerone.com/trizaeron

Pornhub hasn't paid Clifford according to his profile and he's hacked it since what, March?

Maybe Pornhub doesn't care about people redirecting from their site or don't want to pay the guy what he's worth?
Old 07-24-2016, 07:51 PM   #40
Smut-Talk
I talk smut
 
Industry Role:
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176
I just returned from big G was looking for more info.
i can see the kremlin gets lots of traffic from pornhub..
Was that you?

but no info on Clifford's hack.
Old 07-24-2016, 07:59 PM   #41
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by Smut-Talk View Post
I just returned from big G was looking for more info.
i can see the kremlin gets lots of traffic from pornhub..
Was that you?

but no info on Clifford's hack.
Go to the Pornhub link in my original post, wait 8 seconds, and you're forwarded to Clifford's site.

Pornhub post offsite redirect example

I'm not a hacker
Old 07-24-2016, 08:02 PM   #42
PornDiscounts-V
Confirmed User
 
Industry Role:
Join Date: Oct 2003
Location: L.A.
Posts: 5,739
It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.
__________________
Blog Posts - Contextual Links - Hardlinks on 600+ Blog Network
* Handwritten * 180 C Class IPs * Permanent! * Many Niches! * Bulk Discounts! GFYPosts /at/ J2Media.net
Old 07-24-2016, 08:06 PM   #43
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by vvvvv View Post
It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.
Right? This guy still redirects from PH for months, is a part of HackerOne and not paid still wide open. PH was built on a shaky foundation, house of cards, all the stolen content including mine now they make millions a month off our backs, all my hard work, I get nothing from what was stolen and posted on PH from Kherson Oblast, Ukraine
Old 07-24-2016, 08:23 PM   #44
Smut-Talk
I talk smut
 
Industry Role:
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176
Quote:
Originally Posted by Bladewire View Post
I'm not a hacker
Not saying so ;)
I just thought he/you wrote about it, misunderstood you.
(it does seem he got a few hundred bucks from PH, still way too little for a redirect injection! hackerone dot com/pornhub/thanks )

Still funny, specially the ones redirecting to kremlin!
Old 07-24-2016, 08:27 PM   #45
Smut-Talk
I talk smut
 
Industry Role:
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176
THIS:
Quote:
Originally Posted by vvvvv View Post
It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.
Old 07-24-2016, 08:30 PM   #46
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by Smut-Talk View Post
Not saying so ;)
I just thought he/you wrote about it, misunderstood you.
(it does seem he got a few hundred bucks from PH, still way too little for a redirect injection! hackerone dot com/pornhub/thanks )

Still funny, specially the ones redirecting to kremlin!
Right, and his redirect still not patched so ...
Old 07-24-2016, 08:44 PM   #47
Smut-Talk
I talk smut
 
Industry Role:
Join Date: Jul 2016
Location: Somewhere on the webz
Posts: 176
Quote:
Originally Posted by Bladewire View Post
stolen and posted on PH from Kherson Oblast, Ukraine
I hear you.
Most such a site does is remove content, deleting a user, as a max.
(delete content uploaded, prop. never)

And as no one has to identify for an account.
There is no solution for this.
All there is, is the totally screwed up dmca system.

I know from own experience cam4 won't even give any info on paying members even when given solid proof of uploading stolen content! (captured live shows on the same damn site!)
Hell they didn't even ban him! He has been posting for years.
Prob. still does so.
Old 07-25-2016, 12:43 AM   #48
Konda
...
 
Industry Role:
Join Date: Apr 2003
Posts: 2,280
Quote:
Originally Posted by vvvvv View Post
It always amazes me how little people will work for. If I root you and you are worth $100m+, a bounty of $25k isn't going to cut it.

Like this guy https://hackerone.com/reports/72243
they offered him only $500 for gaining access to production servers (because the domain he found the info on was not part of the official bounty program).
a year later they still paid him $9.5K though


Last month these people got $20K

https://www.evonide.com/how-we-broke...-20000-dollar/

Quote:
We gained remote code execution and would've been able to do the following things:
- Dump the complete database of pornhub.com including all sensitive user information.
- Track and observe user behavior on the platform.
- Leak the complete available source code of all sites hosted on the server.
- Escalate further into the network or root the system.
$20K is very little for something like that
Old 07-25-2016, 12:59 AM   #49
Bladewire
StraightBro
 
Industry Role:
Join Date: Aug 2003
Location: Monarch Beach, CA USA
Posts: 56,232
Quote:
Originally Posted by Konda View Post
Like this guy https://hackerone.com/reports/72243
they offered him only $500 for gaining access to production servers (because the domain he found the info on was not part of the official bounty program).
a year later they still paid him $9.5K though


Last month these people got $20K

https://www.evonide.com/how-we-broke...-20000-dollar/



$20K is very little for something like that

Content is king

Knowledge is power

Watching the thieves pay pennies not to be stolen from - priceless
Old 07-25-2016, 06:02 AM   #50
ladida
Confirmed User
 
Join Date: Nov 2005
Posts: 2,149
If you read up on the work of the guys that hacked pornhub, their work was amazing. I'm pretty sure it took up way more time from way too many people for the 20k they got. I bet their work was less than 8$ an hour if you count it all up.
They even have 2 zerodays in the php garbage collector out of it. They sold very cheap. Always funny