- Apr 25, 2013
- 5,354
Hismatullin was looking for possible Cross-Site Scripting (XSS) or Cross-Site Request Forgery (CSRF) flaws in YouTube Studio Creator. He was successfully able to wipe any video present in YouTube just by passing the unique identity number of the video in a POST requestalong with current session token.
The bug though appears to be very simple, is very critical in nature. A hacker knowing about this vulnerability could harm the entire YouTube network by taking down all the videos in a matter of minutes.
Full Article
The bug though appears to be very simple, is very critical in nature. A hacker knowing about this vulnerability could harm the entire YouTube network by taking down all the videos in a matter of minutes.
Full Article