Flaw in YouTube Allows Removal of Any Video

Uploaded on 2015-06-06 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

captura-271-748x400.jpg

The Russian security researcher Kamil Hismatullin has discovered a critical flaw in YouTube that could be exploited by attackers to delete any video the popular video sharing service.

The bug hunter is not new to these discoveries, he reported several flaws to Google in the past and he was awarded $1,337 as part of the company bounty program known as “Vulnerability Research Grants” program.

The goal of the Google program is to invite experts and hacker to analyze the level of security for Google products and services, including YouTube.

Hismatullin spent part of his time in analyzing YouTube Creator Studio where he was looking for cross-site scripting (XSS) and cross-site request forgery (CSRF) fleas when he discovered a logical bug that allowed him to remove any video from YouTube using a simple POST request.

Google fixed the flaw in YouTube a few hours after Hismatullin reported it to Google and he was also awarded $5,000 for his discovery. Google recognized that the flaw was really serious so it awarded the maximum amount of money reserved for the logic flaws that lead to bypassing significant security controls in normal Google applications.

Security Affairs:

 

« Silk Road Investigators Charged for Stealing Bitcoin
Gartner Predicts Three Big Trends for Business Intelligence »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Becrypt

Becrypt

Becrypt is a trusted provider of endpoint cybersecurity software solutions. We help the most security conscious organisations to protect their customer, employee and intellectual property data.

CoSoSys Endpoint Protector

CoSoSys Endpoint Protector

Endpoint Protector by CoSoSys is an advanced all-in-one DLP solution for Windows, macOS, and Linux, that puts an end to unintentional data leaks and protects from malicious data theft.

ComTrue Technologies

ComTrue Technologies

ComTrue Technologies provides artificial intelligence solutions and information security solutions.

ISGroup (Information Security Group)

ISGroup (Information Security Group)

ISGroup services include network penetration testing, Web application penetration testing, ethical hacking, vulnerability assessments, code review and associated training.

CSI

CSI

CSI is a Managed Service Provider (MSP) delivering Hybrid Multi-Cloud, Data Protection, and Cyber Security solutions to highly regulated industries.

Belden

Belden

Belden is a global leader in signal transmission and security solutions for mission-critical applications in enterprise and industrial markets. Belden brands include Hirschmann and Tofino Security.

Perseus Cyber Security

Perseus Cyber Security

Perseus provides all-around digital protection for small and medium-sized businesses through state-of-the-art software solutions, flexible online training and emergency response.

Maven Security Consulting

Maven Security Consulting

Maven Security Consulting helps companies secure their information assets and digital infrastructure by providing a wide range of customized consulting and training services.

LogicalTrust

LogicalTrust

LogicalTrust security testing specialists find the weakest points in your company and show you how to fix them step-by-step, as well as how to improve your security.

Vancord

Vancord

Vancord is an information and security technology company that works in collaboration with clients to support their infrastructure and data security needs for today and tomorrow.

Space Hellas

Space Hellas

Space Hellas is a dynamic, established System Integrator and Value Added Solutions Provider, holding a leading position in the high technology arena.

TrustMe

TrustMe

TrustMe’s integrated platform for business trust and resilience keeps organizations safe, secure, and trustworthy.

Protega

Protega

Protega is a company specialized in Managed Cybersecurity Services (MSS) & SOC 24×7; management, risk & compliance (GRC); implementation of data protection technologies; and Red Team services.

GovSky

GovSky

GovSky streamlines CMMC compliance, saving time and significantly reducing cost.

Internet Watch Foundation (IWF)

Internet Watch Foundation (IWF)

Since the early days of the internet, our job has been to help child victims of sexual abuse by hunting down and removing any online record of the abuse.

Anjolen

Anjolen

Anjolen provides expertise in cybersecurity, compliance and cyber forensic services.