YouTube flaw allowed copying comments from one video to another
An Egypt-based security researcher said Google has fixed an interesting vulnerability he and a colleague found in YouTube.
Ahmed Aboul-Ela wrote on his blog that he and a fellow researcher, Ibrahim Mosaad, wanted to find a problem in a feature on YouTube “that not many bug hunters have tested.”
They focused on a setting in YouTube that holds comments for review before they’re published. If that feature is enabled, comments are then listed in a control panel labeled “held for review.”
Aboul-Ela wrote he intercepted the http request that is sent to Google when a comment is approved. The request contains two parameters: “comment_id” and “video_id.”