YouTube Hit By HTML Injection Vulnerability
Virak writes "Several hours ago, someone found an HTML injection vulnerability in YouTube's comment system, and since then sites such as 4chan have had a field day with popular videos. The bug is triggered by placing a <script> tag at the beginning of a post. The tag itself is escaped, but everything following it is cheerfully placed in the page as is. Blacked out pages with giant red text scrolling across them, shock site redirects, and all sorts of other fun things have been spotted. YouTube has currently blocked such comments from being posted and set the comments section to be hidden by default, and appears to be in the process of removing some of these comments, but the underlying bug does not seem to have been fixed yet."
wait for it... wait for it... And nothing of value was lost!
________
Entranced by anime since late summer 2001 and loving it ^_^
Wow. You'd think somebody would've figured out something like this a long time ago.
But since merely gazing at youTube comments lowers your IQ by at least 20 points, I'm actually amazed someone found it. Must have used some of kind of proxy who looked at it, got dumber for it, but managed to pass along the code to someone who could look at it without being exposed to the dumb.
You can't take the sky from me...
I'm really surprised it used for trolling rather than making money. That seems like a phishers wet dream.
"Ubuntu" -- an African word, meaning "Slackware is too hard for me". - stolen from Dan C alt.os.linux.slackware
Physical age doesn't necessarily correspond to mental age. Personally, I've been getting more immature as years pass.
Canada: The US's more awesome sibling.
YouTube has currently .... set the comments section to be hidden by default
This is the greatest possible improvement to YouTube short of removing the comments section entirely.
I put the 't' in electrical engineering.