This video explains a vulnerability reported through Google's bug bounty program. The bug was a CSRF (cross-site request forgery) that allowed stealing private and unlisted videos from YouTube.

Report:
https://bugs.xdavidhu.me/google/2021/04/05/i-built-a-tv-that-plays-all-of-your-private-youtube-videos/

Reporter's Twitter:
https://twitter.com/xdavidhu

POC script:
https://gist.github.com/xdavidhu/b264ee21d8586e580adc7f821ddfbfc9

Follow me on Twitter:
https://twitter.com/gregxsunday

00:00 Intro
00:35 Pairing YT TV with the browser
03:35 The bug
04:48 Pairing the victim with our TV
05:48 Video ID?
