
YouTube Spoof Commenting on Videos

YouTube Logical Flaw


Well, we wanted to think a little bit outside the box and find something in YouTube that not many bug hunters have tested, so we’ve decided to test the feature of reviewing comments. Usually, the comments get posted immediately to the uploaded videos, but the author of the channel can control this by changing the settings to hold the comments for review before they get posted. We thought that not many researchers have tested that feature since it is not the default option.

How was it done?

[Image: YouTube comment spoof]

You can clearly see the comment_id and video_id in the POST parameters. If you change the video_id to any other video ID, you will get an error. Yet if you leave the video_id untouched and change only the comment_id to any other comment ID on any YouTube video, the request will be accepted and that comment will be copied and appear on your video.
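The missing check described above, modelled as an added example (not YouTube's code and not from the original write-up); the in-memory store, function names and comment states are hypothetical. The vulnerable handler authorizes `video_id` but only looks up `comment_id`, while the hardened one also requires the comment to belong to that video and to be held for review.

```python
# Constructed sample data; every name here is hypothetical.
VIDEOS = {"vidA": "alice", "vidB": "bob"}  # video_id -> channel owner
COMMENTS = {
    "c1": {"video_id": "vidA", "author": "carol", "text": "Nice upload", "state": "held"},
    "c2": {"video_id": "vidB", "author": "dave", "text": "Great channel", "state": "published"},
}


class Rejected(Exception):
    """Raised when the server refuses an approval request."""


def approve_vulnerable(user, video_id, comment_id, published):
    # video_id is authorized against the caller (tampering with it fails)...
    if VIDEOS.get(video_id) != user:
        raise Rejected("not your video")
    # ...but comment_id is only looked up, never bound to video_id.
    c = COMMENTS[comment_id]
    published.setdefault(video_id, []).append((c["author"], c["text"]))


def approve_hardened(user, video_id, comment_id, published):
    if VIDEOS.get(video_id) != user:
        raise Rejected("not your video")
    c = COMMENTS.get(comment_id)
    # Bind the comment to the video named in the same request.
    if c is None or c["video_id"] != video_id:
        raise Rejected("comment does not belong to this video")
    # Only comments actually waiting in the review queue can be approved.
    if c["state"] != "held":
        raise Rejected("comment is not awaiting review")
    c["state"] = "published"
    published.setdefault(video_id, []).append((c["author"], c["text"]))


def demo():
    pub_v, pub_h = {}, {}
    approve_vulnerable("alice", "vidA", "c2", pub_v)  # foreign comment accepted
    try:
        approve_hardened("alice", "vidA", "c2", pub_h)
        blocked = False
    except Rejected:
        blocked = True
    approve_hardened("alice", "vidA", "c1", pub_h)  # legitimate held comment
    return pub_v, pub_h, blocked


if __name__ == "__main__":
    print(demo())
```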

The Google Security Team has fixed the issue and awarded Ahmed Aboul-Ela $3,133.7 under its bounty scheme.

You can see how this vulnerability was carried out in the video below.

Author: Shivniel Gounder
