X

This website uses cookies.

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Cookie Policy.

I agree
Learn More
Great Geek Gifts in the Technabob Shop!Get Technabob Daily: Join our Mailing List! | Follow Us: Facebook | Twitter
Awesomer Media Sites: THE AWESOMER | MIGHTYMEGA | 95OCTANE
subscribe to our rss feedsubscribe via e-mailfollow technabob on twittertechnabob facebook fan pageGoogle+follow us in feedly
Follow Us:
Cool Gadgets, Gizmos, Games and Geek Stuff on Technabob

Fixed YouTube Flaw Let Coder Delete Any YouTube Video: Exploit Nearly Killed the Video Star

by Lambert Varias
Advertisement

Software developer Kamil Hismatullin does software security as a hobby. Recently the search giant invited him to be part of its new Vulnerability Research Grants program, and boy is Google glad it did that. Because Kamil discovered a bug that let him delete any YouTube video with just a few lines of code.

youtube_delete_video_exploit_by_Kamil_Hismatullin_1zoom in

Kamil accidentally found the logic error while poking inside YouTube Creator Studio, the app that lets YouTube members manage their acccounts. Kamil was able to make a Chrome extension that let him delete any YouTube video as long as he had the video’s ID – the group of characters at the end of a YouTube video’s URL – and its session token, which is visible in the video’s source code. Here’s Kamil’s demo of the bug:

I find his choice of music hilarious. Like he wasn’t showing something that could ruin people’s lives. Fortunately, Google responded to Kamil’s report immediately and has since fixed the flaw. Kamil received $5,000 (USD) for his troubles, which doesn’t seem so grand when you consider the severity of the issue. Head to Kamil’s blog for more on his discovery.

[via PC Gamer]

Hot Deals in the Technabob Shop:



Comments are closed for posts older than 90 days.

Comments (1):

  1. john says:

    Fortunately it didn’t take 90 plus days to fix this vulnerability… Still, with such a heavy investment in Youtube (all the programming dollars spent on maintaining it), I’m shocked that this serious (and simple) bug wasn’t discovered in-house.

    I guess Google programmers are more concerned about adding features, working on tracking and spending time on their investments than security.

More from Awesomer Media...

BioShock: From Rapture to Columbia

BioShock: From Rapture to Columbia

Colin Furze’s Star Wars AT-ACT

Colin Furze’s Star Wars AT-ACT

Second Gen Toyota 86 Confirmed: More Power, Please!

Second Gen Toyota 86 Confirmed: More Power, Please!

Ferrari 488 Challenge Ready for Turbocharged Racing Action

Ferrari 488 Challenge Ready for Turbocharged Racing Action

Mezco One:12 Collective Spider-Man Action Figure

Mezco One:12 Collective Spider-Man Action Figure

Hot Toys Rogue One Chirrut Imwe 1/6 Scale Action Figure

Hot Toys Rogue One Chirrut Imwe 1/6 Scale Action Figure

Advertisement