📧 Subscribe to BBRE Premium: [ Ссылка ]
✉️ Sign up for the mailing list: [ Ссылка ]
📣 Follow me on Twitter: [ Ссылка ]
🖥 Get $100 in credits for Digital Ocean 🖥
[ Ссылка ]
This video is an explanation of a vulnerability found in Google bug bounty program. The bug was a CSRF (cross-site request forgery) that allowed stealing private and unlisted videos from YouTube.
Report:
[ Ссылка ]
Reporter's twitter:
[ Ссылка ]
POC script:
[ Ссылка ]
Follow me on twitter:
[ Ссылка ]
00:00 Intro
00:35 Pairing YT TV with the browser
03:35 The bug
04:48 Pairing the victim with our TV
05:48 Video ID?
![](https://i.ytimg.com/vi/miQvovD3c04/maxresdefault.jpg)