15 matches found
youporn-deutsch.net Cross Site Scripting vulnerability OBB-3837047
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
MAL-2022-790 Malicious code in @youporn/fetlife-assets (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 603675e7aa067faae6c76ee52b00ad6f559d71e6fdb60afbe06533dc0739c02b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
youporn-sexvideos.tv Cross Site Scripting vulnerability
Security Researcher devl00p (helped patch 2581 vulnerabilities; received 10 Coordinated Disclosure badges; received 15 recommendations), a holder of 10 badges for responsible and coordinated disclosure, found a security vulnerability affecting youporn-sexvideos.tv website and its users. Following...
Pornhub: SSRF and local file disclosure by video upload on http://www.youporn.com/
The researcher successfully exploited a vulnerability in a 3rd party encoding library, resulting in the execution of SSRF attacks and Local File Disclosure...
Pornhub: XSS reflected on [https://www.youporn.com]
The researcher managed to obtain arbitrary javascript execution through reflected XSS on the Youtube World's RSS feed...
Pornhub: DOM-based XSS on youporn.com (main page)
The researcher found a DOM-based XSS on the youporn.com main page. The malicious input could be injected into JS comment section //jscomment. Using CRLF %0d%0a in the , it was possible to escape from JS comment section, and execute arbitrary JavaScript. Simple alert box, and crossdomain request...
Pornhub: [Android API] SQL injection ( errortoken.json )
The researcher discovered a blind SQL injection on the YouPorn Android app download link...
Pornhub: Time Based SQL-inject in post-parametr login[username] [domain - youporn.com]
The researcher discovered a time based blind SQL injection on a POST login parameter...
Pornhub: Add a video to favourite list of any user [via YouPorn API / FrontEnd]
Researcher was able to modify the 'userid' value when adding favorites via the YouPorn mobile API in order to add videos to other users' favorites...
Pornhub: Find whether a video has been favourited or not, for any user [via YouPorn Mobile API]
Hi, While testing the mobile API, I came across an issue which allows anyone to check whether a specific video has been favourited by a user or not. The mobile API has the following endpoint which checks whether a video has been favourited or not. However the endpoint is unauthenticated and it is...
Pornhub: Account hijack via deleted PH account
The researcher identified a faulty Oauth implementation allowing YouPorn accounts to be hijacked. The researcher exploited a feature which links Pornhub and YouPorn accounts together by leveraging old accounts which were previously deleted, or where username was changed. A faulty Oauth auth...
Pornhub: Account takeover via Pornhub Oauth
The researcher found it was possible to take over a YouPorn account by using an unverified account with matching email address to sign up to PornHub. This vulnerability works by abusing an insecure OAuth implementation. Due to improperly implemented OAuth functionality and lack of user information...
youporn.com XSS vulnerability
Vulnerable URL: http://www.youporn.com/?page=2...
Pornhub: (Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access
The researcher discovered weak credentials protecting an Android APK admin page...
Unfixed XSS vulnerability at www.youporn.com.au
Security researcher xylitol submitted, on 29/08/2008, a cross-site scripting (XSS) vulnerability affecting www.youporn.com.au, which at the time of submission ranked 156300 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 03/10/2008. It is...