Flaw in YouTube Allows Removal of Any Video

Uploaded on 2015-06-06 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

captura-271-748x400.jpg

The Russian security researcher Kamil Hismatullin has discovered a critical flaw in YouTube that could be exploited by attackers to delete any video the popular video sharing service.

The bug hunter is not new to these discoveries, he reported several flaws to Google in the past and he was awarded $1,337 as part of the company bounty program known as “Vulnerability Research Grants” program.

The goal of the Google program is to invite experts and hacker to analyze the level of security for Google products and services, including YouTube.

Hismatullin spent part of his time in analyzing YouTube Creator Studio where he was looking for cross-site scripting (XSS) and cross-site request forgery (CSRF) fleas when he discovered a logical bug that allowed him to remove any video from YouTube using a simple POST request.

Google fixed the flaw in YouTube a few hours after Hismatullin reported it to Google and he was also awarded $5,000 for his discovery. Google recognized that the flaw was really serious so it awarded the maximum amount of money reserved for the logic flaws that lead to bypassing significant security controls in normal Google applications.

Security Affairs:

 

« Silk Road Investigators Charged for Stealing Bitcoin
Gartner Predicts Three Big Trends for Business Intelligence »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Tines

Tines

The Tines security automation platform helps security teams automate manual tasks, making them more effective and efficient.

Cognizant

Cognizant

Cognizant offer services and solutions for IT Infrastructure Security, Enterprise Mobility and Internet of Things.

Identity Automation

Identity Automation

Identity Automation is a leading provider of Identity and Access Management software.

Internet Storm Center (ISC)

Internet Storm Center (ISC)

ISC provides a free analysis and warning service to thousands of Internet users and organizations, and is actively working with ISPs to fight back against the most malicious attackers.

Veriato

Veriato

Veriato develops intelligent solutions that provide companies with visibility into the human behaviors and activities occurring within their network, making them more secure and productive.

Nexus Group

Nexus Group

Nexus Group develops identity solutions for physical and digital access.

Ravelin Technology

Ravelin Technology

Ravelin prevents chargebacks, fraud, and account takeover. Machine learning and human insight combine for highly accurate fraud detection and prevention.

Osirium

Osirium

The Osirium PxM Privileged Access Management platform addresses both security and compliance requirements by defining who gets access to what and when.

Clone Systems

Clone Systems

Clone Systems is an award winning global cloud based managed security as a service provider.

SurePassID

SurePassID

SurePassID is a provider of highly secure, highly extensible multi-factor authentication (MFA) solutions.

Jamf

Jamf

Jamf is the only Apple Enterprise Management solution of scale that remotely connects, manages and protects Apple users, devices and services.

SessionGuardian

SessionGuardian

SessionGuardian (formerly SecureReview) is the world's first and only technology which ensures second-by-second biometric identity verification of your remote user, from log on to log off.

rSolutions

rSolutions

rSolutions delivers managed cybersecurity services to clients in many industry sectors including financial services, telecommunications, energy, government and retail.

Helix Security Services

Helix Security Services

Helix Security provides IT & information security consultancy to government and businesses across New Zealand.

DV Cyber Security

DV Cyber Security

DV Cyber (formerly A76) is an innovative cyber security company vertically focused on Threat Intelligence and Cyber Security Research.

NewEvol

NewEvol

Don’t React, Evolve! Outsmart threats with real-time AI-powered dynamic defense capability of NewEvol all-in-one cybersecurity platform.

Runtime Ventures

Runtime Ventures

Runtime Ventures focuses on seed and pre-seed stage cybersecurity investments. We love to work with ambitious founders building the future of the secure enterprise.