
Hacking YouTube To Get Spoofed Comments on Videos

A security researcher has discovered a critical vulnerability in Google-owned YouTube that could allow anyone to make a comment posted by any celebrity or public figure on some YouTube video appear on their own YouTube video, impersonating that celebrity.

Just a few weeks ago we reported on a simple logical vulnerability in YouTube that could have been exploited by anyone to delete any video from YouTube in just one shot.

Now:

Again a small trick in the popular video sharing website could allow anyone to play with the comments posted by users on YouTube videos.

Ahmed Aboul-Ela and Ibrahim M. El-Sayed, two Egyptian security researchers, found a simple trick that allowed them to copy any comment from any video on the popular video sharing website to their own video, without any user interaction.

Not only this, but also:

This vulnerability allows you to spoof, duplicate or copy the comments on discussion boards from any YouTube channel and make them appear as comments on your video or on your YouTube channel’s discussion board.




How did this happen?


While testing the comment review feature, the researcher noticed that the author of a YouTube channel can control the comments posted to their videos by changing the settings to "Hold all comments for review", so that comments are held before they get posted.
After enabling this option, all the comments posted by different users on your video will be listed in a new tab on https://www.youtube.com/comments, each with an option to approve or remove it.

Now:


When you approve any listed comment and intercept the HTTP request, you’ll find a comment_id and a video_id among the POST parameters.

If you change the video_id to any other video_id value, you’ll get an error.

But here’s the deal:
If you change only the comment_id to any other comment_id value on any YouTube video, keeping the video_id untouched, the request will get accepted by YouTube, and the comment will appear on your YouTube video.

However, this does not remove the original comment from the original video, and the author of the comment is not even notified that their comment has been copied onto another video.
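The flaw described above is a missing authorization check on the (video_id, comment_id) pair. The following is an added example, not YouTube's code and not from the researchers: a small in-memory model of an approve handler showing the behaviour described next to a hardened version. All names and sample data are hypothetical, and it assumes the error on a changed video_id comes from an ownership check.

```python
class Forbidden(Exception):
    pass

# Constructed sample data; every identifier below is hypothetical.
VIDEO_OWNER = {"vid_mine": "alice", "vid_other": "celebrity"}

def fresh_comments():
    # comment_id -> where it was originally posted, by whom, and review state
    return {
        "c_held": {"video_id": "vid_mine", "author": "bob", "status": "held"},
        "c_foreign": {"video_id": "vid_other", "author": "celebrity",
                      "status": "approved"},
    }

def approve_vulnerable(comments, user, video_id, comment_id):
    """Flaw as described: video_id is checked, comment_id is trusted as sent."""
    if VIDEO_OWNER.get(video_id) != user:
        raise Forbidden("video does not belong to caller")
    comment = comments[comment_id]
    # The comment is now displayed on video_id under its original author.
    return (video_id, comment["author"])

def approve_hardened(comments, user, video_id, comment_id):
    """Authorize the pair: the comment must be held for review on that video."""
    if VIDEO_OWNER.get(video_id) != user:
        raise Forbidden("video does not belong to caller")
    comment = comments.get(comment_id)
    if (comment is None or comment["video_id"] != video_id
            or comment["status"] != "held"):
        raise Forbidden("comment is not pending review on this video")
    comment["status"] = "approved"
    return (video_id, comment["author"])

def accepted(handler, user, video_id, comment_id):
    """Replay one approve request against fresh state; True if accepted."""
    try:
        handler(fresh_comments(), user, video_id, comment_id)
        return True
    except Forbidden:
        return False

if __name__ == "__main__":
    for handler in (approve_vulnerable, approve_hardened):
        print(handler.__name__, accepted(handler, "alice", "vid_mine", "c_foreign"))
```

The hardened handler rejects any comment_id that is not pending on the same video, so the server-side record of where a comment was posted, not the client-supplied parameters, decides whether it can be approved.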


Of course, the vulnerability has been fixed after the researcher reported it to Google. The search engine giant also paid Aboul-Ela a cash reward of $3,133.7 under its bug bounty scheme for finding and reporting the critical issue to the company.
