In reply to:
17 April 2024 10:44, by Astrid
We have found two use-after-free vulnerabilities in PHP’s rubbish assortment algorithm. Those vulnerabilities were remotely exploitable over PHP’s unserialize function. We were also awarded $2,000 by the Internet Bug Bounty committee (c.f. Many thanks go out to cutz for co-authoring this article.
Pornhub’s bug bounty program and its comparatively excessive rewards on Hackerone caught our consideration. That’s why we have taken the perspective of a complicated attacker with the full intent to get as deep as potential into the system, focusing on one predominant objective: (...)