Pornhub: Publicly exposed SVN repository, ht.pornhub.com

2015-06-23T18:01:35
ID H1:72243
Type hackerone
Reporter mak
Modified 2016-06-25T22:53:22

Description

After I found the Subversion repository, I visited the following location: https://netreact.eu/hubtraffic

I could see the usernames in the repo and the following weak credentials gave me access:

stefan:123456

An attacker can commit code to this location which could be mirrored on the main site and result in full remote code execution. This also has all the passwords and keys for the sites listed below and the full source code for the hubxt.pornhub.com domain. This can be seen in the images below.

redtube.com
pornhub.com
tube8.com
youporn.com
keezmovies.com
spankwire.com
redtube.com
extremetube.com
gaytube.com