Full Disclosure mailing list archives
Youtube xss
From: Christopher Grant <chrisgrantmail () gmail com>
Date: Sun, 4 Jul 2010 21:57:50 +0800
See http://www.youtube.com/watch?v=0xFbldgYVwQ for an example. It would appear that including something along the lines of "* <script>IF_HTML_FUNCTION?*" followed by your payload in a comment bypasses youtube's xss defenses. Pretty big hole eh? - Chris
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Youtube xss Christopher Grant (Jul 04)
- Re: Youtube xss rafael . gomes (Jul 04)