Thursday, 2 April 2015

Researcher Could Remove Any YouTube Video


A security researcher has discovered a vulnerability in YouTube so he could remove any video on the popular video site. Kamil Hismatullin Google had received a "fair" to search for vulnerabilities in certain Google services. In late January, Google announced a new experimental program for security researcher. Researchers previously already received a financial reward to investigate vulnerabilities.

Hismatullin focused on YouTube Creator Studio, an app that allows users to manage their YouTube channel and statistics to retrieve. Looking for different vulnerabilities ran the researcher at a logic bug, so he could remove any video via a single request. Specifying a video ID with its own session token proved to be enough. Hismatullin reported the problem on a Saturday morning. Yet it quickly by Google was picked up and corrected within a few hours. For his bugmelding received the investigator $ 5,000. As proof, he made demonstration video below.

No comments:

Post a Comment