XSS flaw in YouTube Gaming earns its finder $3,000

Published: 2015-11-09
Source: https://www.ihs.com.tr/blog/youtube-gamingdeki-xss-acigi-bulan-kisiye-3-000-kazandirdi/

Google has rewarded the researcher who found a cross-site scripting (XSS) vulnerability in its recently launched YouTube Gaming with $3,133.7.

YouTube Gaming, which launched quietly at the end of last August, is a platform for live-streaming game videos and a competitor to Twitch, which Amazon acquired.

Ashar Javed, a tester who works at Hyundai AutoEver Europe, found the XSS flaw in YouTube Gaming's search bar within a few minutes. According to Javed, the attack was possible because the input check allowed the string "/>" through.

As with every other XSS vulnerability, the attacker of course first has to get the victim to click a specially crafted link. If that succeeds, the flaw can be used to gain access to cookies, session tokens and other sensitive information in the user's browser.

[Image: gaming.png (https://www.ihs.com.tr/blog/wp-content/uploads/2015/11/gaming.png)]

The flaw was reported to Google on 22 October and was patched within a week. Google awarded the finder $3,133.7 in recognition of his good faith and effort.

According to Javed, this is a point developers generally overlook, and he has found similar flaws on 10 other popular sites, including Netflix and Yandex.

For more details on this vulnerability, see "XSS vulnerability in YouTube Gaming": http://respectxss.blogspot.ro/2015/10/xss-in-youtube-gaming.html