|
Full Disclosure
mailing list archives
Youtube xss
From: Christopher Grant <chrisgrantmail () gmail com>
Date: Sun, 4 Jul 2010 21:57:50 +0800
See http://www.youtube.com/watch?v=0xFbldgYVwQ for an example. It would
appear that including something along the lines of "*
<script>IF_HTML_FUNCTION?*" followed by your payload in a comment bypasses
youtube's xss defenses. Pretty big hole eh?
- Chris
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
 By Date 
By Thread
Current thread:
- Youtube xss Christopher Grant (Jul 04)
| 
