Channel: Tech Raj

Category: Science & Technology

Tags: google bug bountyyoutube bugbug bountytech rajyoutube private video buggoogle buggoogle vrpgoogle api buggoogle ads momentsvulnergoogle ads api bugyoutube hackwatch private videos on youtubevulneribility reward programdavid shutz

Description: This bug was found by David Schütz. Check out his write up on his blog: bugs.xdavidhu.me/google/2021/01/11/stealing-your-private-videos-one-frame-at-a-time This bug that existed in Google's backend API allowed an attacker to watch a private video on youtube without having the required permissions. The attacker can view the youtube video by stealing it one frame at a time. This bug existed in an embedded YouTube player on Google Ads. The Google Ads feature "Moments" was exploited to steal individual thumbnails (or frames) of any private video, which can be combined to form the video. Google awarded 5000$ reward for this discovering this bug to the author David Schütz. Join my Discord Server: discord.gg/7h2Eb7y Follow me on Instagram: instagram.com/teja.techraj Follow on Twitter: twitter.com/techraj156 Website: techraj156.com Blog: blog.techraj156.com