For example, if your YouTube video’s URL is “youtube.com/video”, all you need to do is insert a period at the end of the “com” so that it reads “youtube.com./video” and you’re good to go. Given that this bug is going to cost YouTube to lose revenue from ads that are being skipped, we’re sure that it is going to be patched in a matter of days, if it hasn’t already.
According to a post on Reddit by u/unicorn4sale, “It’s a commonly forgotten edge case, websites forget to normalize the hostname, the content is still served, but there’s no hostname match on the browser so no cookies and broken CORS – and lots of bigger sites use a different domain to serve ads/media with a whitelist that doesn’t contain the extra dot”
This suggests that this is an oversight and that a fix should be just as simple as the exploit, so if it doesn’t work for you the next time you try it, there’s a good chance that the website has already patched it up.
Filed in Social Hit and YouTube. Source: thenextweb. Read more about