florin_darck Posted April 1, 2015 Report Share Posted April 1, 2015 How I could delete any video on YouTubeMarch 31, 2015About Vulnerability Research GrantsFew months ago Google announced a new experimental program called Vulnerability Research Grants. It's a definitely good idea, thanks Google for inventing and trying such cool things!How it works: Google's Security team choses regular reporters and send them such emails:http://kamil.hism.ru/img/about-vrg-and-delete-any-youtube-video-issue/email.pngResearcher selects product/service from the list and looks into the security of it. The goal of VRG is to support research looking for vulnerabilities, so even no vulnerability is found, researcher will receive reward for an attention and spent time. But if, as a result of the grant, vulnerabilities are found, then person will receive both reward for detected issues and a grant amount itself.Security issue on YouTubeAs a frequent google reporter, I've received the email above and decided to spend some time on weekends and look into the security of Google products. I selected YouTube Creator Studio as a target and after a few hours I composed two reports. One of them was about easily exploitable, but pretty high severity issue. Here are few words about it.In YouTube Creator Studio I investigated how live_events/broadcasting systems works. I wanted to find there some CSRF or XSS issues, but unexpectedly discovered a logical bug that let me to delete any video on YouTube with just one following request:POST https://www.youtube.com/live_events_edit_status_ajax?action_delete_live_ev ent=1event_id: ANY_VIDEO_IDsession_token: YOUR_TOKENIn response I got:{ "success": 1}And the video got deleted!Here is a POC video: Source : How I could delete any video on YouTube | Kamil Hismatullin Quote Link to comment Share on other sites More sharing options...
