Google fixes YouTube bug that allowed hackers to delete any video

YouTube bug that allowed hacker to delete any video fixed by Google

Bieber haters would love this! Imagine a world with Bieber less videos and imagine a bug which could do that. Security researcher Kamil Hismatullin discovered a simple yet powerful bug in YouTube which let him delete any video by making it think he owned the video.

Kamil was invited with a grant of $1337.00 to take part in Google Vulnerability Research Grants which he accepted and decided to take a look at the security of Google products.

He was working with the YouTube Creative Studio when he found out that a logical bug that allowed him to delete any video by entering a video ID against any session token.



event_id: ANY_VIDEO_ID
session_token: YOUR_TOKEN
Response :

 "success": 1

Being a Bieber fan, he wanted to try out his new found exploit by deleting one of Justin Bieber’s videos posted YouTube. Being a gentleman, Kamil didnt do that and instead reported the bug to Google who acknowledged the severity of the but and awarded him $5,000.00.

Here is a PoC video published by Kamil

And yes, Google has fixed the flaw so you cant have a Bieberless world at least for now.

Subscribe to our newsletter

To be updated with all the latest news


Please enter your comment!
Please enter your name here

Subscribe to our newsletter

To be updated with all the latest news

Read More

Suggested Post