Cool Gadgets, Gizmos, Games and Geek Stuff on Technabob
VISIT OUR OTHER SITES: THE AWESOMER | 95OCTANE

Fixed YouTube Flaw Let Coder Delete Any YouTube Video: Exploit Nearly Killed the Video Star

by Lambert Varias
Advertisement

Software developer Kamil Hismatullin does software security as a hobby. Recently the search giant invited him to be part of its new Vulnerability Research Grants program, and boy is Google glad it did that. Because Kamil discovered a bug that let him delete any YouTube video with just a few lines of code.

youtube_delete_video_exploit_by_Kamil_Hismatullin_1zoom in

Kamil accidentally found the logic error while poking inside YouTube Creator Studio, the app that lets YouTube members manage their acccounts. Kamil was able to make a Chrome extension that let him delete any YouTube video as long as he had the video’s ID – the group of characters at the end of a YouTube video’s URL – and its session token, which is visible in the video’s source code. Here’s Kamil’s demo of the bug:

I find his choice of music hilarious. Like he wasn’t showing something that could ruin people’s lives. Fortunately, Google responded to Kamil’s report immediately and has since fixed the flaw. Kamil received $5,000 (USD) for his troubles, which doesn’t seem so grand when you consider the severity of the issue. Head to Kamil’s blog for more on his discovery.

[via PC Gamer]



IKEA Frekvens Collection

IKEA Frekvens Collection

Everdure Cube Portable Grill

Everdure Cube Portable Grill

Hot Ones: The Game Show

Hot Ones: The Game Show

Advertisement
A Duo of Jaguar F-TYPE SVR GT4 Race Cars Up for Sale

A Duo of Jaguar F-TYPE SVR GT4 Race Cars Up for Sale

2020 Ford GT Liquid Carbon Edition Close-up Photo Gallery

2020 Ford GT Liquid Carbon Edition Close-up Photo Gallery

2021 Cadillac Escalade Brings the Tech

2021 Cadillac Escalade Brings the Tech

Advertisement