youtubeclone-xss.txt

2008-02-03T00:00:00
ID PACKETSTORM:63207
Type packetstorm
Reporter Smasher
Modified 2008-02-03T00:00:00

Description

                                        
                                            `Discovered by Smasher  
CMS: Youtube Clone Script  
Site: http://warwolfz.altervista.org  
WarWolfZ Security Crew.  
  
Hello i don't know if this vuln is already out , but i've searched in securityfocus and is not present.  
  
Bug found in load_message.php at line 4:  
  
<?php echo $lang['please_wait']; ?>  
  
Ex: http://localhost/youtube/siteadmin/editor_files/includes/load_message.php?lang[please_wait]=[XSS]  
  
Fix:  
  
<?php echo htmlspecialchars($lang['please_wait']); ?>  
  
Greetz.  
Smasher.  
`