One man could have deleted every video on YouTube

Naked Security reports that security researcher Kamil Hismatullin had been looking around Google services in the hope of finding cross-site request forgery or cross-site scripting issues. These potentially serious vulnerabilities paled dramatically in contrast with what he stumbled across, though.
A major flaw in the YouTube API, used by other applications such as third-party YouTube apps to gain access to the site, meant that he had found a way to delete every single video on YouTube with one simple, small request to the Google servers powering the site.
Alternatively, the flaw could be exploited to delete a specific video by sending its identity number in a POST request. POST is a form of HTTP request usually sent by web browsers and other applications on the internet to get data from web servers; the data sent is invisible to the user of the application, unlike GET, which is sent via the address bar.
The YouTube servers accepted any access token as authentication, so Hismatullin found that his simple POST request could delete any video on the site. If he left the video identity number blank, every single video ever uploaded to YouTube would have been removed.
Hismatullin reported the bug to Google, which apparently moved with incredible speed to fix it within a few hours, despite it being a Saturday morning. Instead of deleting everything, he uploaded a video to YouTube explaining what he had discovered.
Hismatullin is a member of Google’s new experimental security research program, Vulnerability Research Grants. He received a $5,000 payout from the program, saying “It was fixed in several hours, Google rewarded me $5k and luckily no Bieber videos were harmed.”
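
The flaw described above is a missing authorization check: the servers accepted any access token, so nothing tied the caller to the video being deleted. As an added example (not Google's code and not from the original article), the Python below contrasts a handler that behaves the way the article describes with one that checks ownership and refuses a blank ID; the token table, video store and function names are all hypothetical.

```python
# Constructed data: a toy token table and video store, not YouTube's real API.
TOKENS = {"tok-alice": "alice", "tok-bob": "bob"}  # access token -> account


def new_store():
    """Fresh video table for each run: video id -> owning account."""
    return {"vid1": "alice", "vid2": "alice", "vid3": "bob"}


def delete_flawed(videos, token, video_id):
    """Models the behaviour the article reports: any valid token works for any video."""
    if token not in TOKENS:
        return 401
    if not video_id:              # blank id is treated as "no filter"
        videos.clear()
        return 200
    videos.pop(video_id, None)    # the owner is never compared with the caller
    return 200


def delete_checked(videos, token, video_id):
    """Authenticate, validate the id, then authorize against the video's owner."""
    user = TOKENS.get(token)
    if user is None:
        return 401                # unknown token
    if not isinstance(video_id, str) or not video_id.strip():
        return 400                # a missing id never means "all videos"
    owner = videos.get(video_id)
    if owner is None:
        return 404
    if owner != user:
        return 403                # authenticated, but not this video's owner
    del videos[video_id]
    return 200
```

The status codes are the conventional HTTP meanings (401 unauthenticated, 400 bad request, 403 forbidden, 404 not found); the key difference is the `owner != user` comparison and the explicit rejection of an empty ID.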
