Pornhub: Partial disclosure of Private Videos through data-mediabook attribute information leak

ID H1:228495
Type hackerone
Reporter sp1d3rs
Modified 2017-07-06T18:15:48


The researcher discovered a bug where the direct urls of private video thumbnails were leaked in the data-mediabook attribute of the cover image. There was a possibility to view the short version of any private video due to the leaking of direct URL in the data-mediabook attribute of the thumbnail. Thanks to the PornHub team for the fast fix and the bounty!