YouTube hit by HTML Injection vulnerability
User:
aewhale
Date: 7/6/2010 6:31 am
Views: 946
Rating: 2 Rate [ | ]
Date: 7/6/2010 6:31 am
Views: 946
Rating: 2 Rate [ | ]
Video comments hidden by some sort of script?
On a video I just watched, with around 150,000+ views, there was a
comment containing nothing but this: <script>
All comments
previous to that comment were not viewable even after selecting to "See
all".
So, I viewed the page source of the page, and this is what
appeared.
-------------------------
<div>
<a class="author" href="/user/beautifulday01"
title="beautifulday01">
beautifulday01</a>
</div>
<div>
<span class="time">12 minutes ago</span>
</div>
</div>
<div class="content">
<div class="comment-text">
<script><script>IF_HTML_FUNCTION?
</div>
<div class="metadata-inline">
<a class="author" href="/user/beautifulday01">beautifulday01</a>
<span class="time">12 minutes ago</span>
</div>
---------------------
It seems that this "script" is being used to attack the comment sections of video and rendering all previous comments invisible, as well as possibly affecting the addition of new comments.
I wanted to post it here because I wasn't sure if YT staff has already been made aware of this activity.
</div>
<div>
<span class="time">12 minutes ago</span>
</div>
</div>
<div class="content">
<div class="comment-text">
<script><script>IF_HTML_FUNCTION?
</div>
<div class="metadata-inline">
<a class="author" href="/user/beautifulday01">beautifulday01</a>
<span class="time">12 minutes ago</span>
</div>
---------------------
It seems that this "script" is being used to attack the comment sections of video and rendering all previous comments invisible, as well as possibly affecting the addition of new comments.
I wanted to post it here because I wasn't sure if YT staff has already been made aware of this activity.