Hacker Sold Access to Pornhub Servers for $1,000


The underground researcher who runs the Twitter account 1x0123 offered on Saturday command injection capabilities and shell access to a Pornhub subdomain for a meager US$1,000.

To prove the claims authentic, 1x0123 also released evidence to demonstrate that he/she has Pornhub server access.

Motherboard.vice.com, in a post on May 15th, 2016, quoted Revolver from an online chat as saying that he hates bug bounty programs because in the past he "reported a lot of bugs but got no reply from companies", and that he doesn't like to disclose his real name.

The hacker told CSO Online, which initially reported the story, that he uploaded a shell, essentially a control panel through which any command can be issued on a Pornhub server. If that is correct, it means Revolver had complete control of the server. Revolver claimed to have taken advantage of a vulnerability in Pornhub's "user profile script that handles image uploads".

Once the shell has been uploaded, browsing to the correct URL opens it and allows command injection. In short, anyone who pays for access will have complete control of the environment.

A Redditor, perhaps a Pornhub admin, reacted to 1x0123's claims of compromising the server by saying that the hacker had posted an image of a test server that is 3 years old.

Revolver had already become famous after discovering an SQL injection flaw in one of the servers of Mossack Fonseca, the company originally responsible for the Panama Papers data breach.

Moreover, in the past weeks, the hacker has also sold data stolen from Naughty America servers, as well as an exploit that allowed access to the LA Times backend panel.

The timeline of his Twitter account is a showcase of hacks and exploits found in companies' web servers, such as those of SourceForge, Telegram, Outlook.com, the New York Times, NASA, and the US Army.

Revolver has also done a few good deeds: he informed Edward Snowden about a blind XSS in the self-hosted Piwik analytics service used on the website of the Freedom of the Press Foundation, a project in which the US whistleblower is involved. Snowden personally tweeted his thanks.

» SPAMfighter News - 5/20/2016
