Kazan programmer rescued from hacking YouTube – INNOV.RU – Nizhny Novgorod business ON-LINE
04.04.15 9:23 | Text: Elena Tkachenko | Photo: susanin. udm.ru
1161
Finding a bug took 6 to 7 hours.
Kazan programmer Camille Hismatullin discovered a vulnerability in the service YouTube, which allows you to delete all videos from video sharing. This is the guy said in his blog.
Kamil said that the vulnerability was discovered in the YouTube Creator Studio – a service that allows authors to view analytics on their videos uploaded through the application. Programmer noticed that due to a bug in any movie could be sent off for half a minute using a copy of the video and the reference address of the authentication token (or tokens), who works as a password.
According to Khismatullina, the problem is that the system will accept any authentication token, while according to the rules it should only recognize the token, which belongs to your account Uploader. That is why the copying of any token allows you to delete videos other users without any difficulty.
In his blog, the programmer said that the discovery of the bug took 6 to 7 hours. We also know that Camille wrote Google, which owns YouTube, the vulnerability within the framework of the program launched in January the company to find vulnerabilities in its services, to which the Internet giant said immediately.
Within a few hours the company has eliminated the problem of service and gave the guy a fee in the amount of five thousand dollars.
to the list of all the news
More Coverage
NOTES
‘+’
‘+’ ‘ + ‘
‘ + ‘
‘ + ‘
‘ + ‘
For example: http://www.youtube.com/watch?v=j8YcLyzJOEg or www.mysite.com/video/my_video.mp4
‘+’
‘+’
‘ + ‘
‘ + ‘‘ + ‘x’ + ‘ ‘+’
‘+’
‘; return {title: “Embed”, innerHTML: str, width: 480, OnLoad: function () {pObj.pPath = BX (pObj.pLEditor.id + “lhed_forum_video_path”); pObj.pWidth = BX (pObj.pLEditor.id + “lhed_forum_video_width”); pObj.pHeight = BX (pObj.pLEditor.id + “lhed_forum_video_height”); pObj.pLEditor.focus (pObj.pPath); }, OnSave: function () {pLEditor = window.oLHE; var src = BX.util.trim (pObj.pPath.value), w = parseInt (pObj.pWidth.value) || 400, h = parseInt (pObj.pHeight.value) || 300; if (src == “”) return; if (pLEditor.sEditorMode == ‘code’ & amp; & amp; pLEditor.bBBCode) // BB Codes {pLEditor.WrapWith (“”, “”, “[VIDEO WIDTH =" + w + "HEIGHT =" + h + " ] “+ src +” [/VIDEO] “); } Else if (pLEditor.sEditorMode == ‘html’) // WYSIWYG {pLEditor.InsertHTML (‘‘);}}};};} catch (e) {alert (‘Errors in customization scripts!’ + E);} if (false || JCLightHTMLEditor .items ['REVIEW_TEXT'] == undefined) {top.oLHE = window.oLHE = new window.JCLightHTMLEditor({‘id’:’REVIEW_TEXT’,’content’:”,’bBBCode’:true,’bUseFileDialogs’:false,’bUseMedialib’:false,’arSmiles’:[{'name':'С улыбкой','path':'/bitrix/images/forum/smile/smile1.gif','code':':)'},{'name':'подмигнуть','path':'/bitrix/images/forum/smile/smile7.gif','code':';)'},{'name':'tongue','path':'/bitrix/images/forum/smile/smile84.gif','code':':tongue:'},{'name':'Удивленно','path':'/bitrix/images/forum/smile/smile8.gif','code':':o'},{'name':'Смеятся','path':'/bitrix/images/forum/smile/smile3.gif','code':':D'},{'name':'Печально','path':'/bitrix/images/forum/smile/smile2.gif','code':':('},{'name':'Очень грустно','path':'/bitrix/images/forum/smile/smile262.gif','code':':cry:'},{'name':'Смущенно','path':'/bitrix/images/forum/smile/smile10.gif','code':':oops:'},{'name':'Поцелуй','path':'/bitrix/images/forum/smile/smile203.gif','code':':{}'},{'name':'witch','path':'/bitrix/images/forum/smile/smile289.gif','code':':witch:'},{'name':'sport','path':'/bitrix/images/forum/smile/smile293.gif','code':':sport:'},{'name':'rose','path':'/bitrix/images/forum/smile/smile141.gif','code':':rose:'},{'name':'king','path':'/bitrix/images/forum/smile/smile168.gif','code':':king:'},{'name':'eat','path':'/bitrix/images/forum/smile/smile284.gif','code':':eat:'},{'name':'warrior','path':'/bitrix/images/forum/smile/smile349.gif','code':':warrior:'},{'name':'tea','path':'/bitrix/images/forum/smile/smile192.gif','code':':tea:'},{'name':'angel','path':'/bitrix/images/forum/smile/smile179.gif','code':':angel:'},{'name':'friend','path':'/bitrix/images/forum/smile/smile107.gif','code':':frien d:'},{'name':'fly','path':'/bitrix/images/forum/smile/smile79.gif','code':':fly:'},{'name':'wall','path':'/bitrix/images/forum/smile/smile59.gif','code':':wall:'},{'name':'crazy','path':'/bitrix/images/forum/smile/smile57.gif','code':':crazy:'},{'name':'мир','path':'/bitrix/images/forum/smile/smile13.gif','code':'[peace]‘},{‘name’:’beer’,’path’:’/bitrix/images/forum/smile/smile19.gif’,’code’:’:beer:’},{‘name’:’Со злостью’,’path’:’/bitrix/images/forum/smile/smile22.gif’,’code’:’:evil:’}],’arFonts’:['Arial','Verdana','Times New Roman','Courier','Tahoma','Georgia','Optima','Impact','Geneva','Helvetica'],’arFontSizes’:{’1′:’xx-small’,’2′:’x-small’,’3′:’small’,’4′:’medium’,’5′:’large’,’6′:’x-large’,’7′:’xx-large’},’inputName’:’REVIEW_TEXT’,’inputId’:”,’videoSettings’:{‘maxWidth’:’640′,’maxHeight’:’480′,’WMode’:’transparent’,’windowless’:true,’bufferLength’:’20′,’skin’:’/bitrix/components/bitrix/player/mediaplayer/skins/bitrix.swf’,’logo’:”},’bSaveOnBlur’:true,’bResizable’:true,’autoResizeSaveSize’:true,’bManualResize’:true,’bAutoResize’:true,’bReplaceTabToNbsp’: true,’bSetDefaultCodeView’:false,’bBBParseImageSize’:true,’smileCountInToolbar’:’3′,’bQuoteFromSelection’:true,’bConvertContentFromBBCodes’:false,’oneGif’:’/bitrix/images/1.gif’,’imagePath’:’/bitrix/images/fileman/light_htmledit/’,’width’:’100%’,’height’:’100px’,’toolbarConfig’:['Bold','Italic','Underline','Strike','ForeColor','FontList','FontSizeList','Quote','CreateLink','DeleteLink','Image','ForumVideo','SmileList','RemoveFormat','Translit','Source'],’bParceBBImageSize’:true,’ctrlEnterHandler’:’reviewsCtrlEnterHandler’}); BX.onCustomEvent (window, ‘LHE_ConstructorInited’, [window.oLHE]);}} if (! Window.JCLightHTMLEditor) { BX.loadCSS(“//www.innov.ru.css.1c-bitrix-cdn.ru/bitrix/js/fileman/light_editor/light_editor.css?1401951238″); LHE_MESS = window.LHE_MESS = “{‘Image’: ‘image’, ‘Video’: ‘Video’, ‘ImageSizing’: ‘Dimensions (W x H)’}”; (window.BX || top.BX). message ({‘CreateLink’: ‘Link’, ‘EditLink’: ‘Edit ссылку’,’DialogSave’:’Сохранить’,’DialogCancel’:’Отменить’,’DialogClose’:’Закрыть’,’Width’:’Ширина’,’Height’:’Высота’,’Source’:’Режим HTML-code ‘,’ BBSource ‘:’ Mode BB-Code’,’On’:’включено’,’Off’:’выключено’,’Anchor’:’Якорь’,’DeleteLink’:’Удалить link ‘,’ Image ‘:’ image ‘,’ EditImage ‘:’ Edit Image ‘,’ SpecialChar ‘:’ Paste спецсимвол’,’Bold’:’Жирный’,’Italic’:’Курсив’,’Underline’:’Подчеркнутый’,’Strike’:’Зачеркнутый’,’RemoveFormat’:’Удалить Formatting ‘,’ InsertHr ‘:’ Insert horizontal separator ‘,’ JustifyLeft ‘:’ Left ‘,’ JustifyCenter ‘:’ Centered ‘,’ JustifyRight ‘:’ Align Right ‘,’ JustifyFull ‘:’ Justified ‘ , ‘Outdent’: ‘Decrease Indent’, ‘Indent’: ‘Increase Indent’, ‘OrderedList’: ‘Numbered lists’,’ UnorderedList ‘:’ List with маркерами’,’InsertTable’:’Таблица’,’SmileList’:’Смайлы’,’HeaderList’:’Формат’,’FontList’:’Шрифт’,’FontSizeList’:’Размер font ‘,’ BackColor ‘:’ Background Color ‘,’ ForeColor ‘:’ Font Color ‘,’ Video ‘:’ Video ‘,’ InsertVideo ‘:’ Embed ‘,’ EditVideo ‘:’ Edit Video ‘,’ VideoProps’ ‘Video settings’, ‘VideoPath’: ‘The path to the video file’, ‘VideoPreviewPath’: ‘The path to the drawing preview’, ‘VideoAutoplay’: ‘Automatically start playing’, ‘VideoVolume’: ‘The volume’, ‘LinkProps’: ‘Setup links’,’ LinkText ‘:’ Text Link ‘,’ LinkHref ‘:’ URL ‘,’ LinkTitle ‘:’ tooltip ‘,’ LinkTarget ‘:’ Open link in ‘,’ LinkTarget_def ‘:’ – not to specify – ‘,’ LinkTarget_blank ‘:’ new window ‘,’ LinkTarget_parent ‘:’ parent window ‘,’ LinkTarget_self ‘:’ the window ‘,’ LinkTarget_top ‘:’ outermost ‘,’ AnchorProps ‘:’ Options anchors ‘,’ AnchorName ” The name of the anchor ‘,’ ImageProps ‘:’ Image Settings ‘,’ ImageSrc ‘:’ The path to the image ‘,’ ImageTitle ‘:’ tooltip ‘,’ ImgAlign ‘:’ Alignment ‘,’ ImgAlignTop ‘:’ at the top border ‘,’ ImgAlignRight ‘:’ right ‘,’ ImgAlignBottom ‘:’ at the lower end ‘,’ ImgAlignLeft ‘:’ left ‘,’ ImgAlignMiddle ‘:’ in the middle ‘,’ ImageSizing ‘:’ Dimensions (W x H) ‘ , ‘ImageSaveProp’: ‘Save пропорции’,’ImagePreview’:’Предпросмотр’,’Normal’:’Обычный’,’Heading’:’Заголовок’,’Preformatted’:’Преформатирован’,’DefaultColor’:’По default ‘,’ DragFloatingToolbar ‘:’ toolbar ‘,’ Quote ‘:’ Making the text in the form of quotes’, ‘InsertCode’: ‘Making the text in the form of a code’, ‘InsertCut’: ‘Making text preview’, ‘Translit’: ‘Recoding transliteration / Latin’, ‘CutTitle’: ‘Limitation text предпросмотра’,’TableRows’:’Строк’,’TableCols’:’Столбцов’,’TableModel’:’Макет’,’ListItems’:’Элементы list ‘,’ AddLI ‘:’ Add item ‘,’ AddLITitle ‘:’ Put an item in the list (Enter) ‘,’ DelListItem ‘:’ Remove item from the list ‘,’ ResizerTitle ‘:’ Resize ‘,’ CodeDel ‘: ‘Press (Shift + Del) to remove any piece of code’, ‘OnPasteProcessing’: ‘is being processed pasted text …’}); BX.loadScript (["/ bitrix / js / fileman / light_editor / le_dialogs.js? 1401951238 "," /bitrix/js/fileman/light_editor/le_controls.js?1416988238 "," /bitrix/js/fileman/light_editor/le_toolbarbuttons.js?1401951238 "," /bitrix/js/fileman/light_editor/le_core.js? 1426843062 "], _lheScriptloaded);} else {_lheScriptloaded ();}} BX.ready (function () {LoadLHE_REVIEW_TEXT ();});
->
->
archive: 2013 2012 2011 1999-2011 IT news portal 2013 Guest topic of the week in 2013 greetings
No comments:
Post a Comment