The takeaway:<p><pre><code> You should never use user input on unserialize. Assuming that
using an up-to-date PHP version is enough to protect
unserialize in such scenarios is a bad idea. Avoid it or use
less complex serialization methods like JSON.</code></pre>
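As an added illustration of the takeaway quoted above (not part of the original comment or of the article's code): one way to accept client-supplied state in PHP through JSON with a strict allow-list, so that `unserialize()` never sees user input. The function name, field names, limits and sample inputs are assumptions constructed for this example; it needs PHP 7.3 or later for `JSON_THROW_ON_ERROR`.

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper, constructed limits and inputs.
const MAX_PAYLOAD_BYTES = 4096; // assumption: small client-side state blob
const MAX_JSON_DEPTH    = 2;    // flat object only, with a little headroom

/** Decode client-supplied state without calling unserialize(). */
function decode_client_state(string $raw): array
{
    if (strlen($raw) > MAX_PAYLOAD_BYTES) {
        throw new InvalidArgumentException('payload too large');
    }
    try {
        // JSON yields only scalars and arrays: no object instantiation,
        // no magic methods, and a far smaller parser than unserialize().
        $data = json_decode($raw, true, MAX_JSON_DEPTH, JSON_THROW_ON_ERROR);
    } catch (JsonException $e) {
        throw new InvalidArgumentException('malformed or too deeply nested JSON', 0, $e);
    }
    if (!is_array($data)) {
        throw new InvalidArgumentException('expected a JSON object');
    }
    // Allow-list of fields and type checks; anything else is rejected.
    $schema = ['user_id' => 'is_int', 'theme' => 'is_string'];
    if (array_diff_key($data, $schema) || array_diff_key($schema, $data)) {
        throw new InvalidArgumentException('unexpected or missing field');
    }
    foreach ($schema as $field => $check) {
        if (!$check($data[$field])) {
            throw new InvalidArgumentException("bad type for $field");
        }
    }
    return $data;
}

// Constructed sample inputs: one valid, three that must be rejected.
$samples = [
    '{"user_id":42,"theme":"dark"}',
    'O:8:"stdClass":0:{}',                  // PHP serialize() format, not JSON
    '{"user_id":"42","theme":"dark"}',      // wrong type for user_id
    '{"user_id":1,"theme":{"a":{"b":1}}}',  // nesting beyond the depth limit
];
foreach ($samples as $s) {
    try {
        decode_client_state($s);
        echo "accepted: $s\n";
    } catch (InvalidArgumentException $e) {
        echo "rejected ({$e->getMessage()}): $s\n";
    }
}
```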
OT: Is there a site that curates these kinds of interestingly detailed hacks? Like Dan Luu does for debugging stories? (<a href="https://github.com/danluu/debugging-stories" rel="nofollow">https://github.com/danluu/debugging-stories</a>)
> Using a locally compiled version of PHP we scanned for good candidates for stack pivoting gadgets<p>Surprised that worked. Guess they got lucky and either got the compiler+optimization flags the same as the PHP binary used, or the release process can create highly similar builds.
I have some questions about two things in the exploit code that puzzled me:<p><pre><code> my $php_code = 'eval(\'
header("X-Accel-Buffering: no");
header("Content-Encoding: none");
header("Connection: close");
error_reporting(0);
echo file_get_contents("/etc/passwd");
ob_end_flush();
ob_flush();
flush();
\');';
</code></pre>
1. They seem to be using PHP to code the exploit (solely based on the $ before the variable name) but I've never seen the 'my' keyword before, what exactly is this language?<p>2. If I understand the exploit correctly they got remote code execution by finding the pointer to 'zend_eval_string' and then feeding the above code into it. Doesn't that mean the use of 'eval' in the code that is being executed is unnecessary?
So does Pornhub's bug bounty program include some number of years of free paid membership along with financial bounties? Kind of a "treat us right and we'll let you treat yourself right" kind of thing?
Too bad they didn't just go ahead and:<p>> Dump the complete database of pornhub.com including all sensitive user information.<p>And of course leak the data to expose everyone that participates in this nasty business. It is such a sad thing that people are even proud to work at companies like this where humans are not worth more than a big dick or boobs.<p>And then you get around and say that child porn is so horrible. No, <i>all</i> porn is horrible and destroys our families and integrity. How can there be any dignity left if these things are held to be something good?