Must Read

Security flaw in youtube gave hackers power to erase videos

Google fixed a vulnerability in youtube that let you delete Videos with one click.

Security flaw in youtube

Russian security engineer Kamil Hismatullin discovered a serious security flaw in YouTube popular video sharing platform. The vulnerability allows hackers to delete any video from youtube without any authentication or permission for deleting the video, all he needed was video-id. He exploited the flaw by sending identity id of a video with post request and any token simple request like one below

POST https://www.youtube.com/live_events_edit_status_ajax?action_delete_live_event=1
event_id: “video id”
session_token: “your token numb.”

The tricky part is “delete_live_event” All he needed is to fill youtube video id, and youtube would delete it without checking if he is actually the owner of a certen video.
Kamil reported the vulnerability to Google bug bounty program, and for his research work Google rewarded him 5,000$ for finding the problem.

He made a joke to delete Justin Bieber youtube channel, but he didn’t realise that move would save humanity.

Avatar
About nona (27 Articles)
Founder of The Hack Times, information gathering and cyber security specialist , always one step ahead. Open for communication.