Pornhub Bug Bounty Program Statistics | BugBountyHunter.com

Pornhub Program Statistics

63 total issues disclosed

$92,420 total paid publicly

Most disclosed (22 disclosures) — Cross-site Scripting (XSS) - Generic

Disclosed Reports

Report Title	Vulnerability Type	Disclosed By	Severity	Disclosed on
XSS via JavaScript evaluation of an attacker controlled resource at www.pornhub.com	Cross-site Scripting (XSS) - Generic	wh0ru	Medium	2021-06-16
View storyboard of private video @ ht.pornhub.com	Information Disclosure	kaimi	No rating	2020-07-23
Self-XSS to Good-XSS - pornhub.com	Cross-site Scripting (XSS) - Generic	renekroka	High	2020-05-07
xss	Cross-site Scripting (XSS) - Reflected	linkks	Medium	2019-06-12
Stored XSS in photo comment functionality	Cross-site Scripting (XSS) - Generic	dudez	High	2018-10-12
Stored XSS (client-side, using cookie poisoning) on the pornhubpremium.com	Cross-site Scripting (XSS) - Stored	sp1d3rs	Medium	2018-03-27
Possibility to insert stored XSS inside <img> tag	Cross-site Scripting (XSS) - Stored	malacupa	High	2017-11-10
Unsecured Elasticsearch Instance	Improper Authentication - Generic	cyber-guard	High	2017-09-21
Private videos can be added to our playlists	Insecure Direct Object Reference (IDOR)	rahulztez	No rating	2017-08-23
Reflected XSS on ht.pornhub.com - /export/GetPreview	Cross-site Scripting (XSS) - Reflected	ilsani	Low	2017-07-10
http://ht.pornhub.com/ stored XSS in widget stylesheet	Cross-site Scripting (XSS) - Generic	ramsexy	High	2017-07-10
pornhub.com/user/welcome/basicinfo nickname field is vulnerable on xss	Cross-site Scripting (XSS) - DOM	kenziy	Low	2017-07-10
Stored XSS in the any user profile using website link	Cross-site Scripting (XSS) - Stored	sp1d3rs	Medium	2017-07-07
Partial disclosure of Private Videos through data-mediabook attribute information leak	Information Disclosure	sp1d3rs	Medium	2017-07-06
XSS on pornhubselect.com	Cross-site Scripting (XSS) - Reflected	txt3rob	No rating	2017-06-26
Unsecured DB instance	Code Injection	cyber-guard	Critical	2017-06-13
Reflected XSS in login redirection module	Cross-site Scripting (XSS) - Reflected	aghora	High	2017-05-15
Mixed Reflected-Stored XSS on pornhub.com (without user interaction) in the playlist playing section	Cross-site Scripting (XSS) - Generic	sp1d3rs	Low	2017-05-12
Blind Stored XSS against Pornhub employees using Amateur Model Program	Cross-site Scripting (XSS) - Stored	sp1d3rs	High	2017-04-21
Race Condition Vulnerability On Pornhubpremium.com	None supplied	jaydipm	Critical	2017-04-20
IDOR - disclosure of private videos - /api_android_v3/getUserVideos	Improper Authentication - Generic	cyber-guard	No rating	2017-03-27
[xss] pornhubpremium.com, /redeem?code= URL endpoint	Cross-site Scripting (XSS) - Generic	jon_bottarini	Medium	2017-03-16
XSS Vulnerability at https://www.pornhubpremium.com/premium_signup? URL endpoint	Cross-site Scripting (XSS) - Generic	jon_bottarini	Medium	2017-03-15
vulnerabilitie	Improper Authentication - Generic	r0bbyz	No rating	2017-02-23
Stored XSS on the http://ht.pornhub.com/widgets/	Cross-site Scripting (XSS) - Generic	shepard	Medium	2017-02-20
Reflected cross-site scripting (XSS) vulnerability in pornhub.com allows attackers to inject arbitrary web script or HTML.	Cross-site Scripting (XSS) - Generic	edoverflow	Medium	2017-02-14
XSS vulnerability using GIF tags	Cross-site Scripting (XSS) - Generic	alberto__segura	High	2017-02-14
[idor] Profile Admin can pin any other user's post on his stream wall	Improper Authentication - Generic	vijay_kumar1110	No rating	2017-02-13
Wordpress Content injection	Command Injection - Generic	babayaga_	High	2017-02-06
Debug.log file Exposed to Public \Full Path Disclosure\	Information Disclosure	babayaga_	Medium	2017-02-06
Unsecured Kibana/Elasticsearch instance	Server-Side Request Forgery (SSRF)	cyber-guard	Critical	2017-01-30
[IDOR] Deleting other users comment	Improper Authentication - Generic	mikkz	No rating	2016-11-24
[IDOR] post to anyone even if their stream is restricted to friends only	Improper Authentication - Generic	mikkz	No rating	2016-11-11
[idor] Unauthorized Read access to all the private posts(Including Photos,Videos,Gifs)	Improper Authentication - Generic	vijay_kumar1110	No rating	2016-11-05
Disclosure of private photos/albums - http://www.pornhub.com/album/show_image_box	Improper Authentication - Generic	cyber-guard	No rating	2016-10-28
Private Photo Disclosure - /user/stream_photo_attach?load=album&id= endpoint	Privilege Escalation	mikkz	No rating	2016-10-25
[RCE] Unserialize to XXE - file disclosure on ams.upload.pornhub.com	Information Disclosure	5haked	No rating	2016-10-03
XSS ReflectedGET /embed_player?	Cross-site Scripting (XSS) - Generic	clubjk	No rating	2016-10-03
XSS Reflected incategories*p	Cross-site Scripting (XSS) - Generic	clubjk	No rating	2016-10-03
SSRF & XSS (W3 Total Cache)	Cross-site Scripting (XSS) - Generic	jouko	No rating	2016-10-03
[stored xss, pornhub.com] stream post function	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-09-24
Unsecured Grafana instance	Improper Authentication - Generic	cyber-guard	No rating	2016-09-20
[crossdomain.xml] Dangerous Flash Cross-Domain Policy	Information Disclosure	zephrfish	No rating	2016-09-12
HTTP Track/Trace Method Enabled	Information Disclosure	zephrfish	No rating	2016-08-17
[ssrf] libav vulnerable during conversion of uploaded videos	Information Disclosure	agarri_fr	No rating	2016-08-15
(Pornhub & Youporn & Brazzers ANDROID APP) : Upload Malicious APK / Overrite Existing APK / Android BackOffice Access	Code Injection	dremos	No rating	2016-07-27
[phpobject in cookie] Remote shell/command execution	Code Injection	static	No rating	2016-07-27
Weak user aunthentication on mobile application - I just broken userKey secret password	Improper Authentication - Generic	jahrek	No rating	2016-07-27
RCE Possible Via Video Manager Export using @ character in Video Title	Command Injection - Generic	zephrfish	No rating	2016-07-04
Same-Origin Method Execution bug in plupload.flash.swf on /insights	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-06-28
Reflected XSS by way of jQuery function	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-06-28
Publicly exposed SVN repository, ht.pornhub.com	Code Injection	mak	No rating	2016-06-26
CSV Macro injection in Video Manager (CEMI)	Command Injection - Generic	awake	No rating	2016-06-22
Public Facing Barracuda Login	Cryptographic Issues - Generic	zephrfish	No rating	2016-06-22
Multiple endpoints are vulnerable to XML External Entity injection (XXE)	Denial of Service	mak	No rating	2016-06-22
PornIQ Reflected Cross-Site Scripting	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-06-22
Unauthenticated access to Content Management System - www1.pornhubpremium.com	Command Injection - Generic	mak	No rating	2016-05-27
[xss, pornhub.com] /user/[username], multiple parameters	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-05-26
Cross Site Scripting - On Mouse Over, Blog page	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-05-26
Reflected Cross-Site Scripting on French subdomain	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-05-26
Unprotected Memcache Installation running	Improper Authentication - Generic	zephrfish	No rating	2016-05-26
Cross Site Scripting – Album Page	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-05-23
[reflected xss, pornhub.com] /blog, any	Cross-site Scripting (XSS) - Generic	zephrfish	No rating	2016-05-23