Foro de elhacker.net

Seguridad Informática => Nivel Web => Mensaje iniciado por: TinKode en 4 Julio 2010, 15:03 pm


Título: Youtube.com Vulnerable to HTML Code Injection
Publicado por: TinKode en 4 Julio 2010, 15:03 pm
Read here the article: http://blog.insecurity.ro/youtube-html-code-injection/

Título: Re: Youtube.com Vulnerable to HTML Code Injection
Publicado por: braulio-- en 4 Julio 2010, 15:16 pm
Pues es cierto, funciona. Esto es un fallo bastante gordo así que ya lo pueden ir arreglando.

Título: Re: Youtube.com Vulnerable to HTML Code Injection
Publicado por: SH4V en 4 Julio 2010, 21:54 pm
@Tinkode, I don't know whether you are the author of the vulnerability but I think it's more ethical to report it before post it. Just a sugerence. I tell you this because youtube offer a fairly good services for free, as well as google, and this kind of stuffs doesn't benefit them at all. I'd have reported rather than divulge it all around the www. Anyway, very good job! How did you reach to the security hole?

Título: Re: Youtube.com Vulnerable to HTML Code Injection
Publicado por: TinKode en 4 Julio 2010, 22:45 pm
Cita de: sh4van3 en  4 Julio 2010, 21:54 pm
@Tinkode, I don't know whether you are the author of the vulnerability but I think it's more ethical to report it before post it. Just a sugerence. I tell you this because youtube offer a fairly good services for free, as well as google, and this kind of stuffs doesn't benefit them at all. I'd have reported rather than divulge it all around the www. Anyway, very good job! How did you reach to the security hole?

I found a article about XSS and HTML5 and I tested on youtube to see if it's vulnerable to XSS. I don't know from when is public this vuln, but I written the article yesterday.
But I don't care who found this. The important thing it's Youtube was vulnerable and "defaced". These things aren't allowed for a company like youtube, a part of google.

Título: Re: Youtube.com Vulnerable to HTML Code Injection
Publicado por: sirdarckcat en 5 Julio 2010, 05:15 am
Tinkode, thanks for finding this vulnerability. Next time please send an email to security@google.com so Google can track it and fix it faster.

Título: Re: Youtube.com Vulnerable to HTML Code Injection
Publicado por: TinKode en 5 Julio 2010, 10:41 am
Cita de: sirdarckcat en  5 Julio 2010, 05:15 am
Tinkode, thanks for finding this vulnerability. Next time please send an email to security@google.com so Google can track it and fix it faster.


Ok, I don't know if will exist a next time.


And official about the author, etc here:
http://news.softpedia.com/news/Dangerous-XSS-Bug-Found-on-YouTube-146157.shtml

&

http://www.xssed.com/news/113/YouTube_persistent_XSS_vulnerability/


Powered by SMF 1.1.21 | SMF © 2006-2008, Simple Machines