Hacker exploits YouTube by deleting videos with one click

Status
Not open for further replies.

Petrovic

Level 64
Thread author
Verified
Honorary Member
Top Poster
Well-known
Apr 25, 2013
5,354
Hismatullin was looking for possible Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Studio Creator. He was successfully able to wipe any video present in YouTube just by passing the unique identity number of the video in a POST requestalong with current session token.

The bug though appears to be very simple, is very critical in nature. A hacker knowing about this vulnerability could harm the entire YouTube network by taking down all the videos in a matter of minutes.



Full Article
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top