Cool Gadgets, Gizmos, Games and Geek Stuff on Technabob
VISIT OUR OTHER SITES: THE AWESOMER | 95OCTANE

Fixed YouTube Flaw Let Coder Delete Any YouTube Video: Exploit Nearly Killed the Video Star

by Lambert Varias
Advertisement

Software developer Kamil Hismatullin does software security as a hobby. Recently the search giant invited him to be part of its new Vulnerability Research Grants program, and boy is Google glad it did that. Because Kamil discovered a bug that let him delete any YouTube video with just a few lines of code.

youtube_delete_video_exploit_by_Kamil_Hismatullin_1zoom in

Kamil accidentally found the logic error while poking inside YouTube Creator Studio, the app that lets YouTube members manage their acccounts. Kamil was able to make a Chrome extension that let him delete any YouTube video as long as he had the video’s ID – the group of characters at the end of a YouTube video’s URL – and its session token, which is visible in the video’s source code. Here’s Kamil’s demo of the bug:

I find his choice of music hilarious. Like he wasn’t showing something that could ruin people’s lives. Fortunately, Google responded to Kamil’s report immediately and has since fixed the flaw. Kamil received $5,000 (USD) for his troubles, which doesn’t seem so grand when you consider the severity of the issue. Head to Kamil’s blog for more on his discovery.

[via PC Gamer]



10-hour Soap Bubble

10-hour Soap Bubble

adidas Archive_M3 Watches

adidas Archive_M3 Watches

Green Disc Bike Chain Lubricator

Green Disc Bike Chain Lubricator

Advertisement
Simulating Driving on Other Planets

Simulating Driving on Other Planets

From the Vaults: Ford F100 Exploding Balloon Commercial

From the Vaults: Ford F100 Exploding Balloon Commercial

Stunning Blue 1976 Lamborghini Countach ‘Periscopica’ for Sale

Stunning Blue 1976 Lamborghini Countach ‘Periscopica’ for Sale

Advertisement