[Owasp-leaders] Use-after-free vulnerability information on the wiki

Tom Brennan - OWASP tomb at owasp.org
Mon Jul 25 20:37:00 UTC 2016

Ahh the power of the wiki - restored


Tom Brennan

On Mon, Jul 25, 2016 at 2:59 PM, Antonio Fontes
<antonio.fontes at owasp.org> wrote:
> Leaders,
> There is some traction by several security news sources [1][2]
> reporting a major vulnerability found in Pornhub/PHP (RCE and full
> access to members database).
> The technical analysis[3] written by the authors includes several
> references to OWASP material/wiki for details. One relates to the
> "use-after-free" vulnerability. Unfortunately, the page[4] was deleted
> just a few days before the analysis went online.
> I am guessing there might be some list members who probably wrote a
> description about this vulnerability, which could be rapidly
> contributed/donated into the wiki? That would be great.
> cheers,
> Antonio
> 1: https://www.grahamcluley.com/2016/07/happy-ending-pornhub-vulnerability-researchers-gain-access-entire-user-database/
> 2: http://www.theinquirer.net/inquirer/news/2465902/pornhub-has-been-hacked-but-the-hackers-arent-spilling-anything
> 3:https://www.evonide.com/how-we-broke-php-hacked-pornhub-and-earned-20000-dollar/#Bug_discovery
> 4: https://www.owasp.org/index.php/Using_freed_memory
> _______________________________________________
> OWASP-Leaders mailing list
> OWASP-Leaders at lists.owasp.org
> https://lists.owasp.org/mailman/listinfo/owasp-leaders

The information contained in this message and any attachments may be 
privileged, confidential, proprietary or otherwise protected from 
disclosure. If you, the reader of this message, are not the intended 
recipient, you are hereby notified that any dissemination, distribution, 
copying or use of this message and any attachment is strictly prohibited. 
If you have received this message in error, please notify the sender 
immediately by replying to the message, permanently delete it from your 
computer and destroy any printout.

More information about the OWASP-Leaders mailing list