| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat, 30 Sep 2006 08:55:09 -0400 From: "Darren Bounds" <dbounds@...il.com> To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com Subject: YouTube Persistent Messaging XSS Vulnerability YouTube Persistent Messaging XSS Vulnerability September 30, 2006 Overview: As I'm sure everyone knows; YouTube is the internet's leading video destination site and one of the fastest-growing websites on the web. It's ranked as the 10th most popular website on Alexa, far outpacing even MySpace's growth. Vulnerability: YouTube has a robust message/email functionality to allow users communicate and share content within the YouTube user environment. The YouTube messaging system is vulnerable to a persistent XSS vulnerability via the subject field allowing the theft of user session information and other bad stuff. This vulnerability stems from YouTube failing to sanitize the value of the HIDDEN HTML tag "field_sendmessage_subject" which is rendered as part of the message read process. <input type="hidden" name="field_sendmessage_subject" value="MY SUBJECT"> A malicious user can send a message with a subject which terminates the 'value' attribute and inserts malicious code. Example Subject: Check out my video! "><script>alert(document.cookie);</script> Thank you, Darren Bounds _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists