YouTube Hit By HTML Injection Vulnerability
Virak writes "Several hours ago, someone found an HTML injection vulnerability in YouTube's comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a <script> tag at the beginning of a post. The tag itself is escaped, but everything following it is cheerfully placed in the page as is. Blacked out pages with giant red text scrolling across them, shock site redirects, and all sorts of other fun things have been spotted. YouTube has currently blocked such comments from being posted and set the comments section to be hidden by default, and appears to be in the process of removing some of these comments, but the underlying bug does not seem to have been fixed yet."
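The behaviour the summary describes (the leading tag is escaped, everything after it is emitted raw) can be modelled as follows. This is an added example, not part of the original post and not YouTube's code: `flawedRender`, `safeRender`, `containsLiveMarkup` and `audit` are hypothetical names, and the sample comments are constructed.

```javascript
// Constructed model of the flaw in the summary; the real filter is not public.
function escapeHtml(text) {
  return text
    .replace(/&/g, "&amp;") // must run first so later entities are not re-escaped
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Assumed flawed behaviour: a leading <script> tag is escaped on its own,
// and the rest of the comment is appended without any escaping.
function flawedRender(comment) {
  const m = /^<script>/i.exec(comment);
  if (m) {
    return escapeHtml(m[0]) + comment.slice(m[0].length); // bug: raw tail
  }
  return escapeHtml(comment);
}

// Hardened form: escape the whole comment at output time, no special cases.
function safeRender(comment) {
  return escapeHtml(comment);
}

// Output-side check: true if rendered text still contains a tag opener.
function containsLiveMarkup(html) {
  return /<[a-zA-Z\/!]/.test(html);
}

// Regression helper: returns the inputs a renderer lets through as markup.
function audit(render, inputs) {
  return inputs.filter((c) => containsLiveMarkup(render(c)));
}

// Constructed sample comments, benign markup only.
const samples = [
  "Nice video!",
  "<script><b>bold</b>",
  "<SCRIPT><i>x</i>",
  "1 < 2 & 3 > 2",
];

console.log("flawed renderer leaks:", audit(flawedRender, samples));
console.log("safe renderer leaks:  ", audit(safeRender, samples));
```

A check like `audit` fits in a test suite for any comment renderer, because it inspects the final output rather than trusting the input filter.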
All of your tubes are belonging to US now.
I went to youtube, but all I saw was crap material. Someone had injected a bunch of crap!
Based on the typical YouTube comment (or video, for that matter), I already had sort of expected that to be the case.
Lots of people anonymously "injecting" a bunch of crap into a website for all others to see.
This exploit is just an alternative to the original "Upload Video" button.
a "How to learn PHP in 24 hours!" book
Does that mean:
1. It teaches you, over the course of an unspecified period of time, how to learn PHP in 24 hours?
2. It teaches you, over the course of 24 hours, how to learn PHP? or
3. After 24 hours have elapsed, it teaches you how to learn PHP?
Note that it doesn't actually teach you PHP. It just teaches you how to learn it.
If they didn't redirect ALL videos to a Rick Astley video, they have missed the opportunity of a lifetime.
Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
YouTube is supposed to be a kid-friendly place. Parents could do their best to try to responsibly monitor and guide their kids' surfing habits, but still fail because of this exploit. This is not funny, nor awesome. This is not someone finding a potential exploit and graciously letting Google know so they can patch it up. Just a bunch of 4channers screwing around, and to hell with the consequences. And people like you encouraging that type of behaviour.
Just because this is The Internet(TM), it doesn't mean that common courtesy need not apply.
*Reads list of filtering options*
So does it just hide the whole comment section, or show it as being empty?
Physical age doesn't necessarily correspond to mental age. Personally, I've been getting more immature as years pass.
"I have abandoned the quest for eternal youth and instead settled for lifelong immaturity"