Hacking News how-to-delete-youtube-video

Published on April 2nd, 2015 | Post Views: 2,788  Hits Post Views

How Hackers Could Delete Any YouTube Video With Just One Click

A security researcher has discovered a simple but critical vulnerability in Google-owned YouTube that could be exploited by anyone to knock down the whole business of the popular video sharing website.
Kamil Hismatullin, a Russian security bod, found a simple logical vulnerability that allowed him to delete any video from YouTube in one shot.
While looking for Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Creator Studio, Hismatullin came across a simple logical bug that could wipe up any video by just sending an identity number of any video in a post request against any session token.

▼Advertisements

The bug was simple but critical as it could be exploited by an attacker to fool YouTube easily into deleting any video on its system.

“I’ve fought the urge to [delete] Bieber’s channel,” Hismatullin wrote in his blog post. “Luckily no Bieber videos were harmed.”

Citing the consequences of the issue, Hismatullin said “this vulnerability could create utter havoc in a matter of minutes in [attackers’] hands who could extort people or [just] disrupt YouTube by deleting massive amounts of videos in a very short period of time.”
The researcher reported the bug to Google, and the search engine giant fixed the issue within several hours. Hismatullin won $5,000 cash reward from Google for finding and reporting the critical issue and an extra $1337 under the company’s pre-emptive vulnerability payment scheme.
Over a month ago, a similar bug was reported in Facebook’s own systems that could have exploited by attackers to delete any photo from anyone’s Facebook account. However, the social networking giant fixed the relatively simple issue.












3 Responses to How Hackers Could Delete Any YouTube Video With Just One Click

  1. harry says:

    Hey guys, am a professional #blackhathacker. I specialize in recovery of any lost or stolen accounts,(Facebook, Instagram , yahoo, Whatsapp and twitter) and any other specialized service you may require. Only serious people should contact me via: mithackerurrep014 @outlook. com

Leave a Reply

Back to Top ↑

Read previous post:
Java Oracle
Oracle Security At Risk: Java.net Pwn3d By a White Hat Hacker

Usually, Big Companies are in a Top-Level in terms of Cyber Security! Unfortunately is not the case of ORACLE, the notorious software-house of...

Close