After two months of research, a Brazilian researcher identified as Pedr4uz found vulnerabilities on popular porn sites, including Pornhub, Redtube, YouPorn and Tube8, all owned by MindGeek. In total, he discovered five flaws based on client-side code injection.
As the researcher explains, an attacker only needed to craft a fake link. When a user clicked it, the attacker would gain access to the user's sessions and accounts, as well as activity records on the sites, such as credit card data used for purchases.
“The only thing that was needed was for the user to click on the link … If I sent an adulterated link to an employee at one of these sites and he clicked, his session would be mine […] These loopholes could also be used to steal employee accounts, with administrator privileges on the website,” explained Pedr4uz.
As a reward, the bug bounty platform HackerOne paid US$1,000 (about R$5,370 at the current exchange rate) for the discovery of two bugs on Redtube, one on Pornhub and one on YouPorn.
Tube8 firewall was enabled
You may be asking yourself: if the researcher found five flaws, why was he rewarded for only four of them? Although Tube8 also had the vulnerability identified by Pedr4uz, the website’s firewall was working correctly and blocked attackers' requests.
“As much as it was possible to control what would be reflected on the user’s page, the firewall blocked my requests,” he explains. As a result, HackerOne did not count the finding on that site.
In addition to these vulnerabilities, Pedr4uz reported other YouPorn-specific errors that are even more serious, since they allow attacks such as cache poisoning and DNS spoofing directed at the company’s server. The problem, however, was already known to the company, which is making the necessary corrections.