YouPorn


Most disclosed (4 disclosures) — Improper Authentication - Generic

cyber-guard has disclosed the most with 2 reports!

12 total issues disclosed

$7,750 total paid publicly


Launched on 2016-12-19

Accepts reports via HackerOne



Disclosed Reports


Report Title Vulnerability Type Disclosed By Severity Disclosed on
IDOR allows any user to edit others videos Insecure Direct Object Reference (IDOR) zerody High 2019-11-11
youporn email notification enable/disable and newsletter Violation of Secure Design Principles platinum1933 Medium 2017-10-09
IDOR - Access to private video thumbnails even if video requires password authentication Improper Authentication - Generic nahamsec Medium 2017-08-17
XSS via login cookie Cross-site Scripting (XSS) - Generic myst404 Medium 2017-06-26
DOM-based XSS on youporn.com (main page) Cross-site Scripting (XSS) - DOM sp1d3rs High 2017-06-13
Account hijack via deleted PH account Improper Authentication - Generic cyber-guard Medium 2017-06-13
Find whether a video has been favourited or not, for any user [via YouPorn Mobile API] Improper Authentication - Generic prakharprasad Medium 2017-06-04
I am because bug None supplied b69b1b97b19c1c71b0eed85 Critical 2017-05-05
[Android API] SQL injection ( errortoken.json ) SQL Injection lisa122 Medium 2017-04-22
Time Based SQL-inject in post-parametr login[username] [domain - youporn.com] SQL Injection almaco Critical 2017-04-20
Reflected XSS in Meta Tag Cross-site Scripting (XSS) - Generic myst404 Medium 2017-03-28
Account takeover via Pornhub Oauth Improper Authentication - Generic cyber-guard Medium 2017-02-13