YouTube flaw allowed copying comments from one video to another

An Egypt-based security researcher said Google has fixed an interesting vulnerability he and a colleague found in YouTube.

Ahmed Aboul-Ela wrote on his blog that he and a fellow researcher, Ibrahim Mosaad, wanted to find a problem in a feature on YouTube “that not many bug hunters have tested.”

They focused on a setting in YouTube that holds comments for review before they’re published. If that feature is enabled, comments are then listed in a control panel labeled “held for review.”

Aboul-Ela wrote he intercepted the http request that is sent to Google when a comment is approved. The request contains two parameters: “comment_id” and “video_id.”

To read this article in full or to leave a comment, please click here

Read more: YouTube flaw allowed copying comments from one video to another

Story added 16. April 2015, content source with full text you can find at link above.