A Russian software developer was in a position to delete any video on YouTube that he wanted.
And he says he was close to doing just that…
The opportunity came when he did security research for Google products.
He found the vulnerability when he came across a ‘Logical Bug’ in ‘YouTube Creator Studio’.
Kamil Hismatullin, 22, joked that he resisted the urge to erase Justin Bieber’s channel. Instead he reported his findings to Google, which promptly responded by fixing the ‘Bug’.
The security vulnerability could have caused “utter havoc in a matter of minutes in bad hands” according to Mr Hismatullin. Google paid him the sum of $5000 for the research that saved YouTube.
Kamil Hism RU reports: A few months ago Google announced a new experimental program called Vulnerability Research Grants. It’s definitely a good idea, thanks Google for inventing and trying such cool things!
A researcher selects a product/service from the list and looks into its security. The goal of VRG is to support research looking for vulnerabilities, so even if no vulnerability is found, the researcher will receive a reward for the attention and time spent. But if, as a result of the grant, vulnerabilities are found, then the person will receive both a reward for the detected issues and the grant amount itself.
Security issue on YouTube
As a frequent Google reporter, I’ve received the email above and decided to spend some time on weekends and look into the security of Google products. I selected YouTube Creator Studio as a target and after a few hours I composed two reports. One of them was about an easily exploitable but pretty high-severity issue. Here are a few words about it.
In YouTube Creator Studio I investigated how the live_events/broadcasting systems work. I wanted to find some CSRF or XSS issues there, but unexpectedly discovered a logical bug that let me delete any video on YouTube with just the following request:
In response I got:
And the video got deleted!
Here is a POC video:
In general I spent 6-7 hours on research, considering that for a couple of hours I fought the urge to clean up Bieber’s channel haha.
Although it was early Saturday morning in SF when I reported the issue, the Google sec team replied very fast, since this vuln could create utter havoc in a matter of minutes in the bad hands of someone who could use this vulnerability to extort people or simply disrupt YouTube by deleting massive amounts of videos in a very short period of time. It was fixed in several hours, Google rewarded me $5k and luckily no Bieber videos were harmed.