Keep in mind that YouTube allows files to be uploaded by definition. What you have achieved is upload a file for an extension type that is not allowed. It is definitely a vulnerability but a low risk one since you haven't demonstrated if it has any ill effects.
Can you somehow find the URL to where the file was uploaded? I would guess not, since a well designed service like YouTube should hide those details and no leak them in any way. Maybe if you are able to find that you can combine with this vulnerability and get them to open their wallet? Regards Pedro On 13 Mar 2014 11:50, "Nicholas Lemonias." <lem.niko...@googlemail.com> wrote: > Google vulnerabilities uncovered... > > > > http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/