$5,000 YouTube IDOR - Bug Bounty Reports Explained

Рет қаралды 12,235

Күн бұрын

📧 Subscribe to BBRE Premium: bbre.dev/premium
✉️ Sign up for the mailing list: bbre.dev/nl
📣 Follow me on Twitter: bbre.dev/tw
This video is about IDOR vulnerability in KZbin that existed in integration of KZbin with Google Ads. It existed in integration with Google Ads platform. The vulnerability was reported to Google VRP bug bounty program.
🖥 Get $100 in credits for Digital Ocean 🖥
m.do.co/c/cc70...
Report:
bugs.xdavidhu....
Reporter's twitter:
/ xdavidhu
Follow me on twitter:
/ gregxsunday
Timestamps:
00:00 Intro
00:22 Hunting for IDORs on KZbin
01:27 Google Ads
02:47 Sign up for the mailing list
03:17 The exploit
#BugBounty #IDOR #GoogleVRP

Пікірлер

@BugBountyReportsExplained 3 жыл бұрын

Welcome to the comment section! First, thanks for watching! Second, make sure you are subscribed if you liked the video! kzbin.info Follow me on twitter: twitter.com/gregxsunday ✉️ Sign up for the mailing list ✉️ mailing.bugbountyexplained.com/ ☕️ Support my channel ☕️ www.buymeacoffee.com/bountyexplained 🖥 Get $100 in credits for Digital Ocean 🖥 m.do.co/c/cc700f81d215

@gigihadijaya5102 3 жыл бұрын

thank"s for video

@ayodub 3 жыл бұрын

This format of video is perfect

@amerjarrar1063 3 жыл бұрын

Great videos man! keep up the good work!

@BugBountyReportsExplained 3 жыл бұрын

Thank you Amer 😉

@imshaiknasir 3 жыл бұрын

Wow amazing explanation. And hats off to the researcher..

@threeMetreJim 3 жыл бұрын

That's a weird one. I've never seen an ad that was private, they always seem to be unlisted so they don't appear in the channel feed. It's sometimes fun to post comments on their page if they've left comments enabled - like for the one with the dog called rumpus, or some bugus scam product (but I had comments deleted on those 😁 )

@BugBountyReportsExplained 3 жыл бұрын

Hahah funny😂 Actually, the ad must be public on unlisted. It was my false assumption that it can be private as well 😕

@threeMetreJim 3 жыл бұрын

@@BugBountyReportsExplained The ads do tell you how many views and when posted, so a very minor information leak. You could maybe work out upper/lower bounds of an advertising budget.

@dhyeychoksi5178 3 жыл бұрын

Nice work dude. Have been following your channel since a long time. Great work

@BugBountyReportsExplained 3 жыл бұрын

Thanks dude for being a loyal viewer. I hope you will be with me for a lot more 😏

@AniltonNeto 3 жыл бұрын

Enjoy :D 0:20

@user3549 7 ай бұрын

This was worth more than 5k

@chintangajera1537 3 жыл бұрын

Great explaination keep going man!!!

@BugBountyReportsExplained 3 жыл бұрын

Thanks! I appreciate it!!

@HackerSumitJi 3 жыл бұрын

Love you bro

@BugBountyReportsExplained 3 жыл бұрын

Thank you Sumit!

@cyberpirate007 3 жыл бұрын

Wow!! Dope find

@BugBountyReportsExplained 3 жыл бұрын

It is! You can also watch another video about hacking Google by the same David Shutz: kzbin.info/www/bejne/o5q0p6KseZiWZpY and the podcast we recorded together: kzbin.info/www/bejne/jmeWk4OwbNenepY