Jump to content
Sign in to follow this  

This one weird trick deletes any YouTube flick in just a few clicks

Recommended Posts


Security bod Kamil Hismatullin has disclosed a simple method to delete any video from YouTube.

The Russian software developer and hacker found videos can be instantly nuked by sending the identity number of a video in a post request along with any token.

Google paid the bug hunter US$5000 for the find along with $1337 under its pre-emptive vulnerability payment scheme in which it slings cash to help recognised researchers find more bugs.

"I wanted to find there some CSRF or XSS issues, but unexpectedly discovered a logical bug that let me to delete any video on YouTube with just one request," Hismatullin says.

"... this vulnerability could create utter havoc in a matter of minutes in [hackers'] hands who could extort people or simply disrupt YouTube by deleting massive amounts of videos in a very short period of time."

Hismatullin says Google responded quickly when he reported the bug Saturday.

He says he spent seven hours finding the bugs and resisted the near overwhelming urge to "clean up Bieber's channel".

Google's Vulnerability Research Grants is described as cash with "no strings attached" that allows known security bods to apply for US$3133.70 to begin bug hunting expeditions.

The search and service giant handed out some $1.5 million last year to bug hunters for reporting vulnerabilities


Share this post

Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Sign in to follow this  

  • Create New...