[Owasp-leaders] Use-after-free vulnerability information on the wiki

Antonio Fontes antonio.fontes at owasp.org
Mon Jul 25 18:59:33 UTC 2016


Leaders,

There is some traction by several security news sources [1][2]
reporting a major vulnerability found in Pornhub/PHP (RCE and full
access to members database).

The technical analysis[3] written by the authors includes several
references to OWASP material/wiki for details. One relates to the
"use-after-free" vulnerability. Unfortunately, the page[4] was deleted
just a few days before the analysis went online.

I am guessing there might be some list members who probably wrote a
description about this vulnerability, which could be rapidly
contributed/donated into the wiki? That would be great.

cheers,
Antonio


1: https://www.grahamcluley.com/2016/07/happy-ending-pornhub-vulnerability-researchers-gain-access-entire-user-database/
2: http://www.theinquirer.net/inquirer/news/2465902/pornhub-has-been-hacked-but-the-hackers-arent-spilling-anything
3: https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/#Bug_discovery
4: https://www.owasp.org/index.php/Using_freed_memory

