Vulnerability found in YouTube that allowed anyone to delete someone’s video
A Russian security researcher discovered a flaw in YouTube’s system that allowed anyone to delete any video on YouTube. Now this vulnerability is fixed and Google paid the researcher an amount of $5000 for finding this bug.
Kamil Hismatullin was trying to search for a security vulnerability in YouTube in order to win cash rewards that Google gives out to researchers. “I wanted to find there some CSRF or XSS issues, but unexpectedly discovered a logical bug that let me to delete any video on YouTube with just one request,” Hismatullin says. He found that if was very easy to fool YouTube System and delete any video from the server easily. He also demonstrated how he managed to delete a video from YouTube in the video below.
The video above highlighted that YouTube had a flaw and there may be more issues like this waiting for someone to discover them. If Kamil had deleted any video of any famous person then Google might have not paid him. So he decided not to do so.
Kamil Hismatullin was trying to search for a security vulnerability in YouTube in order to win cash rewards that Google gives out to researchers. “I wanted to find there some CSRF or XSS issues, but unexpectedly discovered a logical bug that let me to delete any video on YouTube with just one request,” Hismatullin says. He found that if was very easy to fool YouTube System and delete any video from the server easily. He also demonstrated how he managed to delete a video from YouTube in the video below.
Vulnerability found in YouTube that allowed anyone to delete someone’s video
Reviewed by xdark21
on
10:06 AM
Rating:
Reviewed by xdark21
on
10:06 AM
Rating:
No comments: