Pornhub: SSRF & XSS (W3 Total Cache)

2016-05-14T01:22:59
ID H1:138721
Type hackerone
Reporter jouko
Modified 2016-10-03T20:02:37

Description

The researcher discovered a vulnerable WordPress plugin. The plugin suffers from a server-side request forgery vulnerability that can be exploited in several ways.

The researcher was successful in doing the following: * Accessing a private server-status URL exposing a monitoring tool. * Running a Flash app in pornhub.com's context to perform an XSS-like attack.