Pornhub: Publicly exposed SVN repository,

ID H1:72243
Type hackerone
Reporter mak
Modified 2016-06-25T22:53:22


After I found the subversion repository I visited the following location

I could see the usernames in the repo and the following weak credentials gave me access:


An attacker can commit code to this location which could be mirrored on the main site and result in full remote code execution. This also has all the passwords and keys for the sites listed below and the full source code for the domain. This can be seen in the images below.

> > > > > > > > >