Cool Gadgets, Gizmos, Games and Geek Stuff on Technabob
VISIT OUR OTHER SITES: THE AWESOMER | 95OCTANE

Fixed YouTube Flaw Let Coder Delete Any YouTube Video: Exploit Nearly Killed the Video Star

by Lambert Varias
Advertisement

Software developer Kamil Hismatullin does software security as a hobby. Recently the search giant invited him to be part of its new Vulnerability Research Grants program, and boy is Google glad it did that. Because Kamil discovered a bug that let him delete any YouTube video with just a few lines of code.

youtube_delete_video_exploit_by_Kamil_Hismatullin_1zoom in

Kamil accidentally found the logic error while poking inside YouTube Creator Studio, the app that lets YouTube members manage their acccounts. Kamil was able to make a Chrome extension that let him delete any YouTube video as long as he had the video’s ID – the group of characters at the end of a YouTube video’s URL – and its session token, which is visible in the video’s source code. Here’s Kamil’s demo of the bug:

I find his choice of music hilarious. Like he wasn’t showing something that could ruin people’s lives. Fortunately, Google responded to Kamil’s report immediately and has since fixed the flaw. Kamil received $5,000 (USD) for his troubles, which doesn’t seem so grand when you consider the severity of the issue. Head to Kamil’s blog for more on his discovery.

[via PC Gamer]



His House (Trailer)

His House (Trailer)

Klymit Hammock V Air Pad

Klymit Hammock V Air Pad

Stria Folding Ruler

Stria Folding Ruler

Advertisement
Jeep Celebrates 80th Anniversary with Special Editions

Jeep Celebrates 80th Anniversary with Special Editions

Superleggera Touring Aero 3 is a Gorgeous Sports Car with Ferrari F12 Power

Superleggera Touring Aero 3 is a Gorgeous Sports Car with Ferrari F12 Power

2021 Jaguar F-PACE Gets a New Interior, Powertrain Updates, and More

2021 Jaguar F-PACE Gets a New Interior, Powertrain Updates, and More

Advertisement