Broken session control allows access to private videos using the shared link for a specific time even after access is revoked!! — #GoogleVRP

A lot of people might know how to share a private video and how to access it, but the interesting thing here is that this vulnerability can be used to view a private video after access has been revoked.

For example:

Let’s assume a scenario: you have uploaded a private video and shared access with specific people in an organization by entering their email addresses, or you mistakenly shared the video with a person.

After some time, you revoke their access by removing their email. In the meantime, suppose a viewer who had access to the video captured the response for that video and saved it.

Now if they try to view the video, they will see an error. But if they use a proxy to inject the saved response, they can still view the video, and they can also screen record it. They can view the video until the response expires. As far as I know, it takes approximately 8 hours for the session to expire.

When we grant access to the private video, it takes effect immediately, but revoking access is different: it does not take effect immediately😂
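The gap between granting and revoking can be shown with a simplified model, added here as an illustration; it is not code from this write-up and not YouTube's implementation. It assumes the playback response carries a signed, time-limited grant, and the names `issue_grant`, `serve_weak` and `serve_hardened` are hypothetical.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"  # constructed value, for this example only
TTL = 8 * 3600                    # grant lifetime; mirrors the ~8 hours the post reports

def _sign(video, user, exp):
    return hmac.new(SECRET, f"{video}|{user}|{exp}".encode(), hashlib.sha256).hexdigest()

def issue_grant(acl, video, user, now):
    """Playback response: issued only while the user is on the video's ACL."""
    if user not in acl.get(video, set()):
        return None
    exp = now + TTL
    return {"video": video, "user": user, "exp": exp, "sig": _sign(video, user, exp)}

def serve_weak(grant, now):
    """Checks signature and expiry only, so a saved grant outlives revocation."""
    expected = _sign(grant["video"], grant["user"], grant["exp"])
    return hmac.compare_digest(grant["sig"], expected) and now < grant["exp"]

def serve_hardened(acl, grant, now):
    """Same checks plus a live ACL lookup on every request."""
    return serve_weak(grant, now) and grant["user"] in acl.get(grant["video"], set())

def scenario():
    acl = {"vid123": {"viewer@example.com"}}  # constructed sample data
    t0 = 1_700_000_000
    saved = issue_grant(acl, "vid123", "viewer@example.com", t0)  # viewer keeps this response
    acl["vid123"].discard("viewer@example.com")                   # owner revokes access
    hour = 3600
    return {
        "new_grant_after_revoke": issue_grant(acl, "vid123", "viewer@example.com", t0 + hour),
        "weak_1h": serve_weak(saved, t0 + hour),
        "weak_9h": serve_weak(saved, t0 + 9 * hour),
        "hardened_1h": serve_hardened(acl, saved, t0 + hour),
    }

if __name__ == "__main__":
    for name, value in scenario().items():
        print(f"{name}: {value}")
```

In this model the weak server keeps honouring the saved grant until it expires, while the hardened server rejects it on the first request after the ACL change.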

Since, as Google said, it’s a small window of attack, I have uploaded my PoC on YouTube itself. Capture the response of my video so that even if I make it private, you will still have access to it for some time..!😛😂.

Final POC Video:

But when I decided to send this issue to Google VRP, the response didn’t make me happy, and yes, the report was closed as ‘Intended Behavior’ :(

So see y’all in a new write-up soon guys !!

Thanks for reading !!

Make sure to follow me on Twitter ;)

@Naveen


Red teamer, Security Researcher

Naveenroy
