9 matches found
Pornhub: Blind XSS in redtube administering site my.reflected.net
The researcher was able to execute blind XSS in the Redtube WAF administering panel...
Pornhub: SSRF and local file disclosure by video upload on https://www.redtube.com/upload
The researcher successfully exploited a vulnerability in a third-party encoding library, resulting in SSRF attacks and local file disclosure...
Pornhub: CSRF Full Account Takeover - https://redtube.com/settings
The researcher was able to take over accounts by exploiting a vulnerability in 'User Settings', where the form was not authenticated by a CSRF token. An attacker could take over any user account :...
blog.redtube.com XSS vulnerability
Open Bug Bounty ID: OBB-655393

Description | Value
---|---
Affected Website: | blog.redtube.com
Open Bug Bounty Program: | Create your bounty program now. It's open and free.
Vulnerable Application: | Custom Code
Vulnerability Type: | XSS Cross Site Scripting / CWE-79
CVSSv3 Score: | 6.1...
Pornhub: Reflect XSS on Mobile Search page
The user was able to exploit the 'search' parameter being reflected in the page body in order to execute reflected XSS within the context of Redtube. Many developers mistakenly believe that adding slashes to double quotes protects against XSS. However, in the DOM, adding slashes does not protect against XSS...
Pornhub: Stored XSS in galleries - https://www.redtube.com/gallery/[id] path
The researcher successfully closed the image 'alt' attribute and injected JavaScript by intercepting the album creation request and submitting an XSS payload as the album title. This led to stored cross-site scripting on the user's album page, executed against any users who visited the album. Stored...
Pornhub: Stored XSS on the https://www.redtube.com/users/[profile]/collections
The researcher successfully closed the image 'alt' attribute and injected JavaScript by submitting an XSS payload as the collection title. This led to stored cross-site scripting on the user's collections page, executed against any users who visited the user's collections. The user's favorites page w...
Pornhub: Mobile Reflect XSS / CSRF at Advertisement Section on Search page
The researcher identified a search query parameter vulnerable to cross-site scripting in the Mobile view. It is the same vulnerability as on Redtube's mobile search page. The report is 380246. XSS is possible here because the protection consists of adding slashes to double quotes. At the tag's...
Redtube Blog Cross Site Scripting
Title : Cross Site Scripting in RedTube Official Blog.
Author : Ryuzaki Lawlet
Blog : justryuz.blogspot.com / www.justryuz.com
E-mail : [email protected] / [email protected] / [email protected]
Date: June 6/2013 4.44 pm
Vendor: http://wordpress.org/plugins/nextgen-gallery/
Type : Web...