Bug in YouTube, Delete Videos With One Click

Share it:
A Russian Security researcher have found a simple but critical security vulnerability in Google-owned video sharing site "YouTube" system that allows attacker to delete any video from YouTube. The vulnerability was critical as attacker doesn't need to have any authentication for deleting the video.

Researcher named Kamil Hismatullin, had found the bug while he is looking for the some other bug on YouTube Creator Studio. On searching for bug on YouTube Hismatullin came across a simple logical bug that could wipe up any video by just sending a request to server with any video ID against any session token.

Being a Bieber fan, he wanted to try out his new found exploit by deleting one of Justin Bieber’s videos posted YouTube, but he didn't. on his blog he says - "I've fought the urge to [delete] Bieber's channel," Hismatullin wrote in his blog post. "Luckily no Bieber videos were harmed."

Hismatullin had reported the issue to Google security team as YouTube is owned by Google, under the Google bug bounty program. Search giants have fixed the issue within some hours and for his research work Google had rewarded him $5,000 USD and additionally an extra $1337 under the company’s pre-emptive vulnerability payment scheme.

Earlier a months ago, same type of vulnerability were also reported to Facebook, which allows attacker to delete any photo's album from anyone's Facebook Accounts. 
Share it:

News

Research

Security

Vulnerability

YouTube

Post A Comment:

0 comments:

Follow by Email