Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] YouTube Persistent Messaging XSS Vulnerability

from [Darren Bounds] Network Security [Permanent Link]
Subject: [Full-disclosure] YouTube Persistent Messaging XSS Vulnerability
Date: Sat, 30 Sep 2006 08:55:09 -0400 
YouTube Persistent Messaging XSS Vulnerability
September 30, 2006

Overview:
As I'm sure everyone knows; YouTube is the internet's leading video
destination site and one of the fastest-growing websites on the web.
It's ranked as the 10th most popular website on Alexa, far outpacing
even MySpace's growth.

Vulnerability:
YouTube has a robust message/email functionality to allow users
communicate and share content within the YouTube user environment. The
YouTube messaging system is vulnerable to a persistent XSS
vulnerability via the subject field allowing the theft of user session
information and other bad stuff.

This vulnerability stems from YouTube failing to sanitize the value of
the HIDDEN HTML tag "field_sendmessage_subject" which is rendered as
part of the message read process.

<input type="hidden" name="field_sendmessage_subject" value="MY SUBJECT">

A malicious user can send a message with a subject which terminates
the 'value' attribute and inserts malicious code.

Example Subject:

Check out my video!         "><script>alert(document.cookie);</script>


Thank you,
Darren Bounds

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] YouTube Persistent Messaging XSS Vulnerability, Darren Bounds <=
Previous by Date:  Re: [Full-disclosure] [WEB SECURITY] Stealing Search Engine Queries with JavaScript, Collin Jackson
Next by Date:  [Full-disclosure] YouTube Persistent Messaging XSS Vulnerability *UPDATED*, Darren Bounds
Previous by Thread:  [Full-disclosure] [SECURITY] [DSA 1187-1] New migrationtools packages fix denial of service, Moritz Muehlenhoff
Next by Thread:  [Full-disclosure] YouTube Persistent Messaging XSS Vulnerability *UPDATED*, Darren Bounds
Indexes:  [Date] [Thread] [Top] [All Lists]