Google Fixes Youtube Bug That Allowed Hackers To Delete Any Video

Kamil was invited with a grant of $1337.00 to take part in Google Vulnerability Research Grants which he accepted and decided to take a look at the security of Google products. He was working with the YouTube Creative Studio when he found out that a logical bug that allowed him to delete any video by entering a video ID against any session token. PoC Being a Bieber fan, he wanted to try out his new found exploit by deleting one of Justin Bieber’s videos posted YouTube. Being a gentleman, Kamil didnt do that and instead reported the bug to Google who acknowledged the severity of the but and awarded him $5,000.00. Here is a PoC video published by Kamil

And yes, Google has fixed the flaw so you cant have a Bieberless world at least for now.