I just wrote a mail to the Google security team, but I'm sure they're aware of it already anyway. I was telling them about an HTML injection attack on YouTube that's going on. Apparently comments aren't properly escaped, so this will actually put a marquee on the page:

```html
<script>IF_HTML_FUNCTION?<marquee><b>Woot!<script>
```
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgWDbdBPNCChHoV3r1VzyMuVg1xm6u2mLA_qscNFO-i1C8SmOeE02XqCS0HjVUUE4_DLaje8VyFJYoF-I_s92Km0omTrAdlzkehw1OnXE1axyPWqHRQzz5gjNzLpkpuOglVqvjkrglTrUg1/s320/Bildschirmfoto+2010-07-04+um+15.51.35.png)
Supposedly, this XSS attack works too, but I couldn't confirm it:
```html
<script>IF_HTML_FUNCTION?<body onload="while(1){ alert('Woot!'); }"><script>
```
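The root cause described above is that the comment text is dropped into the page's HTML without output encoding. The following is an added example (not YouTube's code, and it assumes nothing about how the `IF_HTML_FUNCTION?` prefix is handled server-side) that runs the two payloads from this post through a naive renderer and through one that HTML-encodes the comment first, with a small tag scanner to confirm that the encoded version contains no injected elements.

```python
import html
import re

# Constructed samples: a benign comment plus the two payloads quoted in the post.
COMMENTS = [
    "Great video!",
    "<script>IF_HTML_FUNCTION?<marquee><b>Woot!<script>",
    "<script>IF_HTML_FUNCTION?<body onload=\"while(1){ alert('Woot!'); }\"><script>",
]

# Matches an opening or closing HTML tag and captures its element name.
TAG_RE = re.compile(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)[^>]*>")


def tags_in(fragment):
    """Return the lower-cased element names of every tag in an HTML fragment.

    Used here as a check: a properly encoded user comment must yield [].
    """
    return [m.group(1).lower() for m in TAG_RE.finditer(fragment)]


def encode_for_html(comment):
    """Encode untrusted text for an HTML text/attribute context.

    html.escape turns < > & " ' into entities, so the browser shows the
    characters literally instead of parsing them as markup.
    """
    return html.escape(comment, quote=True)


def render_comment_unsafe(comment):
    """The bug: raw interpolation of user text into page markup."""
    return f'<p class="comment">{comment}</p>'


def render_comment_safe(comment):
    """The fix: encode at the point where the text enters the HTML context."""
    return f'<p class="comment">{encode_for_html(comment)}</p>'


if __name__ == "__main__":
    for c in COMMENTS:
        print("unsafe:", tags_in(c), "| safe:", tags_in(encode_for_html(c)))
```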
Edit:
Reddit has a good discussion on it.