This Hacker Gets $ 20,000 After Finding the Gap in PornHub

Previous news about Bug Bounty PornHub program can you read here:
Pornhub Holds Bounty Bug Program With $ 25000 Reward
Well on the 28th yesterday in HackerOne itself it has been confirmed that PornHub has received a report about the bug and its report status has been "closed". In the sense that the bug has also been closed of course.
The inventors of the gap on the PornHub site are three security researchers: Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide).
They found two fatal RCE slots using zero-day vulnerability in PHP, which is the programming language used by PornHub.
The bug is attacking PHP version 5.3.
For details you can read here:
CVE-2016-5771
CVE-2016-5773
Through the gap hackers can access user information in PornHub, meluhat all source code in PornHub, even take over the server with root previleges.

Upon finding the PHP zero-day bugs, in addition to PornHub who reward them for $ 20,000, the Internet Bug Bounty HackerOne also rewards $ 2000.

For details on how the exploit works, they have written their writeup that you can see in the following link:
Fuzzing Unserialize
How we broke PHP, hacked Pornhub and earned $ 20,000

Okay maybe so many articles this time, good afternoon.