It seems that Pornhub has been compromised and shell access has been put up for sale. A Twitter user is offering command injection abilities and shell access to a subdomain on Pornhub for a mere $1,000.
#pornhub command injection + shell on subdomain + src for sale— 1x0123 (@1x0123) May 14, 2016
xmpp : revolver@rows.io pic.twitter.com/rWjaUOkkhY
To back up the claim of having the details, 1x0123 has also released a screenshot to demonstrate that he/she has access to the Pornhub server.
This is what happens when your sysadmin(s) forgot to lock directories .. #pornhub pic.twitter.com/lPu1ruRfcI — 1x0123 (@1x0123) May 14, 2016
When asked how the shell was uploaded, 1x0123 said a vulnerability in the user profile script that handles images enabled the shell’s upload. However, 1x0123 stated the user profile flaw isn’t related to the recently disclosed ImageMagick vulnerability.
Once the shell is uploaded, browsing to the proper URL will open it and enable command injection. In short, if someone pays for access, they’ll have full control over the environment.
A Redditor who is probably a Pornhub admin responded to 1x0123's allegations about the compromise of its server by saying that the image posted by the hacker is of a test server 3 years old.
Yeah, we’ve been hacked lol
Not sure what else I can say since I don’t know much. I’m sure it’s not how the devs wanted to be spending their Sunday.
I’ll update when I know more.
edit: First response from devs is that it’s shell access to a really old server that’s no longer active (5+ yrs) because that screenshot is not close to the actual directory structure. (And seeing that Pornhub is still live, the hacker didn’t just change everything around lol)
edit: 2nd response is in this screenshot https://twitter.com/1x0123/status/731622179922706432 it shows Kernel version 3.15, but we have 3.10 running on production. They are still trying to figure out what server this guy actually gained access to. They think it’s a test server. I feel like if I tweeted and asked him, it would be quicker.
The issue is unresolved as of now because Pornhub is still investigating whether it was really hacked. We will update the story once we have comments from them.