Shortly after Pornhub announced their Bug Bounty program, a gray hat hacker known as Revolver released claims that the website’s web server was compromised. Were his claims true or just a cry for attention? Let’s see.
Read More about PH’s Bug Bounty Program
On May 14, Revolver/ @1×0123 posted screenshots on Twitter under the username @1×0123. The screenshots were supposed to show that he had exploited a flaw in Pornhub and had shell access to a Pornhub subdomain. The hacker even went further by promising to sell it for just $1000.
Revolver’s tweet attracted the attention of Steve Ragan. The information security author reported the story about the asserted breach and published it on CSOonline. The author asked Revolver how he got the shell on the subdomain and what exploit he used. The grey hat replied that he used vulnerability in the user profile script that handles image uploads to get shell uploaded, “then browse to uploads path + command inject“.
What Did Pornhub Say?
Even though it may take a lot of time and effort for a vendor to verify a breach, Pornhub responded the next day, saying that they looked into Revolver’s claim only to find out it was bogus. In a statement to CSOonline, Pornhub wrote that Revolver’s attack is not technically feasible, and that no systems were breached. Furthermore, the image with PHP shell code was fake, and Pornhub’s server wasn’t configured to execute PHP.
Who Is Revolver/ @1×0123?
According to Motherboard, Revolver is a 19-year-old Moroccan gray hat who has previously made similar claims for other websites (LA Times and Mossack Fonseca). Interestingly, Revolver got credit for disclosing a flaw in Snowden’s website, and this brought him public gratitude from Snowden himself.
In terms of Pornhub’s alleged breach, Revolver has decided to stay silent, tweeting:
Milena Dimitrova
An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim
Follow Me: