I suggest you to read on Content Delivery Network Architectures . YouTube.com populates and distributes stored files to multiple servers through a CDN (Content Delivery Architecture), where each video uses more than one machine (hosted by a cluster). Less populated video files are normally stored in various colocation sites. The YouTube architecture uses databases for storing metadata information of all uploaded files.
https://www.owasp.org/index.php/Unrestricted_File_Upload On Thu, Mar 13, 2014 at 2:22 PM, Nicholas Lemonias. < lem.niko...@googlemail.com> wrote: > *https://www.google.com/settings/takeout > <https://www.google.com/settings/takeout> * > > *However the only problem would be to get past Content ID filtering. I > suppose encrypting an uploaded file, and obfuscating file headers may get > past YouTube's Content ID filtering. Youtube is not a File Transfer > Protocol... It's there to serve media content. * > > <https://www.google.gr/#> > > > On Thu, Mar 13, 2014 at 1:52 PM, Pedro Ribeiro <ped...@gmail.com> wrote: > >> Keep in mind that YouTube allows files to be uploaded by definition. What >> you have achieved is upload a file for an extension type that is not >> allowed. >> It is definitely a vulnerability but a low risk one since you haven't >> demonstrated if it has any ill effects. >> >> Can you somehow find the URL to where the file was uploaded? I would >> guess not, since a well designed service like YouTube should hide those >> details and no leak them in any way. Maybe if you are able to find that you >> can combine with this vulnerability and get them to open their wallet? >> >> Regards >> Pedro >> On 13 Mar 2014 11:50, "Nicholas Lemonias." <lem.niko...@googlemail.com> >> wrote: >> >>> Google vulnerabilities uncovered... >>> >>> >>> >>> http://news.softpedia.com/news/Expert-Finds-File-Upload-Vulnerability-in-YouTube-Google-Denies-It-s-a-Security-Issue-431489.shtml >>> >>> _______________________________________________ >>> Full-Disclosure - We believe in it. >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html >>> Hosted and sponsored by Secunia - http://secunia.com/ >>> >> >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/