Home > slashdot > YouTube Hit By HTML Injection Vulnerability

YouTube Hit By HTML Injection Vulnerability

July 4th, 2010 07:35 admin Leave a comment Go to comments

Virak writes “Several hours ago, someone found an HTML injection vulnerability in YouTube’s comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a <script> tag at the beginning of a post. The tag itself is escaped, but everything following it is cheerfully placed in the page as is. Blacked out pages with giant red text scrolling across them, shock site redirects, and all sorts of other fun things have been spotted. YouTube has currently blocked such comments from being posted and set the comments section to be hidden by default, and appears to be in the process of removing some of these comments, but the underlying bug does not seem to have been fixed yet.”

Source: YouTube Hit By HTML Injection Vulnerability

Related Articles:

  1. Massive SQL Injection Attack Compromises 380K URLs
  2. Australian Teen Reports SQL Injection Vulnerability, Gets Arrested
  3. Australian Teen Reports SQL Injection Vulnerability, Company Calls Police
  4. All Ruby On Rails Versions Suffer SQL Injection Flaw
  5. YouTube Blocked In Pakistan
blog comments powered by Disqus