Menu
YouTube flaw allowed copying comments from one video to another

YouTube flaw allowed copying comments from one video to another

Google has fixed the flaw and paid a bug bounty

An Egypt-based security researcher said Google has fixed an interesting vulnerability he and a colleague found in YouTube.

Ahmed Aboul-Ela wrote on his blog that he and a fellow researcher, Ibrahim Mosaad, wanted to find a problem in a feature on YouTube "that not many bug hunters have tested."

They focused on a setting in YouTube that holds comments for review before they're published. If that feature is enabled, comments are then listed in a control panel labeled "held for review."

Aboul-Ela wrote he intercepted the http request that is sent to Google when a comment is approved. The request contains two parameters: "comment_id" and "video_id."

An error is returned if the video_id is changed to a different one, he wrote. But YouTube accepted changing the content_id number to a different video, which then caused the comment to get copied to that video.

"The original comment from the original video doesn't get removed, and the author of the comment does not get notified that his comment is copied onto another video," Aboul-Ela wrote.

The flaw could have been used in many ways. It could be used to make it appear that a video is more popular that it actually is. Or it could have been used to falsely make it appear a celebrity or public figure commented on something, Aboul-Ela wrote.

Google fixed the vulnerability within a week of being notified on March 25 and paid a US$3,133.70 bug bounty.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Read more: Google, Microsoft serve up security treats for productivity suites


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags GoogleExploits / vulnerabilities

Featured

Slideshows

The making of an MSSP: a blueprint for growth in NZ

The making of an MSSP: a blueprint for growth in NZ

Partners are actively building out security practices and services to match, yet remain challenged by a lack of guidance in the market. This exclusive Reseller News Roundtable - in association with Sophos - assessed the making of an MSSP, outlining the blueprint for growth and how partners can differentiate in New Zealand.

The making of an MSSP: a blueprint for growth in NZ
Reseller News Platinum Club celebrates leading partners in 2018

Reseller News Platinum Club celebrates leading partners in 2018

The leading players of the New Zealand channel came together to celebrate a year of achievement at the inaugural Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months, with more than ​​50 organisations in the spotlight.​​​

Reseller News Platinum Club celebrates leading partners in 2018
Meet the top performing HP partners in NZ

Meet the top performing HP partners in NZ

HP has honoured its leading partners in New Zealand during 2018, following 12 months of growth through the local channel. Unveiled during the fourth running of the ceremony in Auckland, the awards recognise and celebrate excellence, growth, consistency and engagement of standout Kiwi partners.

Meet the top performing HP partners in NZ
Show Comments