X

This website uses cookies.

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Cookie Policy.

I agree
Learn More
Cool Gadgets, Gizmos, Games and Geek Stuff on Technabob
VISIT OUR OTHER SITES: THE AWESOMER | 95OCTANE

Fixed YouTube Flaw Let Coder Delete Any YouTube Video: Exploit Nearly Killed the Video Star

by Lambert Varias
Advertisement

Software developer Kamil Hismatullin does software security as a hobby. Recently the search giant invited him to be part of its new Vulnerability Research Grants program, and boy is Google glad it did that. Because Kamil discovered a bug that let him delete any YouTube video with just a few lines of code.

youtube_delete_video_exploit_by_Kamil_Hismatullin_1zoom in

Kamil accidentally found the logic error while poking inside YouTube Creator Studio, the app that lets YouTube members manage their acccounts. Kamil was able to make a Chrome extension that let him delete any YouTube video as long as he had the video’s ID – the group of characters at the end of a YouTube video’s URL – and its session token, which is visible in the video’s source code. Here’s Kamil’s demo of the bug:

I find his choice of music hilarious. Like he wasn’t showing something that could ruin people’s lives. Fortunately, Google responded to Kamil’s report immediately and has since fixed the flaw. Kamil received $5,000 (USD) for his troubles, which doesn’t seem so grand when you consider the severity of the issue. Head to Kamil’s blog for more on his discovery.

[via PC Gamer]

Deals in The Technabob Shop



reStart

reStart

Time Warriors

Time Warriors

2017 MOD-t 3D Printer

2017 MOD-t 3D Printer

Advertisement
Concepts from Future Past: 2001 Ford EX

Concepts from Future Past: 2001 Ford EX

This Double-Wide Jeep Wrangler Doesn’t Fit in a Lane

This Double-Wide Jeep Wrangler Doesn’t Fit in a Lane

This Star Trek Shuttlecraft Car Is the Best Use of a Minivan Ever

This Star Trek Shuttlecraft Car Is the Best Use of a Minivan Ever