“How we broke PHP, hacked Pornhub and earned $20,000”

Date posted: 2016-07-24
Last updated: 2025-12-19

It all started by auditing Pornhub, then PHP and ended in breaking both… We have gained remote code execution on pornhub.com and have earned a $20,000 bug bounty on Hackerone. We have found two use-after-free vulnerabilities in PHP's garbage collection algorithm. Those vulnerabilities were remotely exploitable over PHP's unserialize function.



This is a very interesting read on how Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide) were able to find a PHP unserialize bug, exploit it and gain remote code execution on Pornhub. Pornhub’s bug bounty program is at Hackerone. Instead of actively attacking Pornhub, they took another road and attacked what Pornhub is built upon: PHP.

Read on at evonide.com: How we broke PHP, hacked Pornhub and earned $20,000.
