This video explains a vulnerability found in Google's bug bounty program. The bug was a CSRF (cross-site request forgery) that allowed stealing private and unlisted videos from YouTube.
Report:
bugs.xdavidhu.me/google/2021/...
Reporter's Twitter:
/ xdavidhu
POC script:
gist.github.com/xdavidhu/b264...
Follow me on Twitter:
/ gregxsunday
00:00 Intro
00:35 Pairing YT TV with the browser
03:35 The bug
04:48 Pairing the victim with our TV
05:48 Video ID?