Post Reply 
Youtube HTML exploit
Author Message
ZiNgA BuRgA
Smart Alternative

Posts: 17,022.2988
Threads: 1,174
Joined: 19th Jan 2007
Reputation: -1.71391
E-Pigs: 446.1294
Offline
Post: #1
Youtube HTML exploit
I don't visit Youtube often, but some of you who do may have seen this?  Apparently, a HTML exploit was discovered in Youtube's commenting system.  By starting the comment with "<script>", one could insert arbitrary HTML onto the page (or something like that).  The actual tag gets filtered properly, but everything after doesn't.

http://www.google.com/support/forum/p/yo...9910&hl=en

I think comments are hidden now - unsure if the issue is actually fixed or not.

I guess 4chin SUCK people had a bit of a field day with this.

Random comment:
Quote:The evolution of this bug exploit was quite interesting to follow up close.

At first it simply prevented any further comments to be posted.
Then text was added.
Then the text was scrolling.
Suddenly, the entire page was blacked out except for the added text.

And that's when the more technical minded people realized much much more was possible.
Bam! Popups!
Infinite popups that lead to browser crashes!
Page redirects to shock sites!
The most sophisticated version I saw actually replaced the Youtube video in-place with the 1man1jar video..

And when the exploit was blocked in the comments, it had a small resurgence as video reply title, before being smacked down once more.

Glorious.
05/07/2010 05:37 AM
Visit this user's website Find all posts by this user Quote this message in a reply
S7*
Sweet Dreams

Posts: 16,689.4373
Threads: 1,056
Joined: 3rd Apr 2007
Reputation: 14.29926
E-Pigs: 383.2289
Offline
Post: #2
RE: Youtube HTML exploit
Woa. I'd like to see proof but it seems like YouTube got exploited alright.

Edit: Then again the "proof" is probably what I don't want to see... :/
(This post was last modified: 05/07/2010 05:58 AM by S7*.)
05/07/2010 05:58 AM
Find all posts by this user Quote this message in a reply
diego
poof

Posts: 7,826.1659
Threads: 264
Joined: 22nd Jun 2007
Reputation: 1.80067
E-Pigs: 37.4012
Offline
Post: #3
RE: Youtube HTML exploit
I read somewhere that 4chin SUCK changed beiber videos to hershey kisses.

[Image: cce6aa9e-c40c-4ae7-aebe-d7780d6fc009.gif]
05/07/2010 06:46 AM
Find all posts by this user Quote this message in a reply
S7*
Sweet Dreams

Posts: 16,689.4373
Threads: 1,056
Joined: 3rd Apr 2007
Reputation: 14.29926
E-Pigs: 383.2289
Offline
Post: #4
RE: Youtube HTML exploit
(05/07/2010 06:46 AM)diego Wrote:  I read somewhere that 4chin SUCK changed beiber videos to hershey kisses.

guess theres some good in the world after all.
05/07/2010 07:13 AM
Find all posts by this user Quote this message in a reply
eKusoshisut0
NOIDED

Posts: 6,288.3965
Threads: 102
Joined: 6th Mar 2010
Reputation: -0.51929
E-Pigs: 174.7326
Offline
Post: #5
RE: Youtube HTML exploit
(05/07/2010 06:46 AM)diego Wrote:  I read somewhere that 4chin SUCK changed beiber videos to hershey kisses.

lol, guess the exploit was put to good use

[Image: tumblr_mlae69vAW21rmerh9o1_400.gif]


More stuff
Steam Page
[Image: K7UVN.png]
Thanks to Vacui_Natale for making this awesome siggy.
[Image: cq8au.gif]
Thanks to Natalie for this sexy Mawaru Penguindrum sig. <3
[Image: ofusT.png][


    
[Image: 9252_s.gif]

05/07/2010 07:29 AM
Find all posts by this user Quote this message in a reply
S7*
Sweet Dreams

Posts: 16,689.4373
Threads: 1,056
Joined: 3rd Apr 2007
Reputation: 14.29926
E-Pigs: 383.2289
Offline
Post: #6
RE: Youtube HTML exploit
[Image: vzu1qs.jpg]
05/07/2010 07:47 AM
Find all posts by this user Quote this message in a reply
Gadget
ɯƃıpɐɹɐd ssǝןpuǝ

Posts: 908.2697
Threads: 69
Joined: 23rd Apr 2008
Reputation: 0.85528
E-Pigs: 63.3012
Offline
Post: #7
RE: Youtube HTML exploit
that would have been cool to see lol

PSN: Brick_Factory

Spoiler for sigpic:
[Image: 157nb04.png]
Spoiler for NeCr0-B0T:
Necro-Bot
Necro may refer to:
    * necro-, the Greek prefix meaning death
Bot or BOT or similar may refer to:
    * Internet bot, computer program which does automated tasks
    * Botnet, network of "zombie" computers used to carry out automated tasks such as spamming
05/07/2010 07:56 AM
Visit this user's website Find all posts by this user Quote this message in a reply
u_c_taker
hacks=drama

Posts: 3,185.2011
Threads: 102
Joined: 29th Jan 2007
Reputation: -1.03084
E-Pigs: 36.7855
Offline
Post: #8
RE: Youtube HTML exploit
Haha Rofl

05/07/2010 10:18 AM
Find all posts by this user Quote this message in a reply
trademark91
Unique?
Fractal Insanity

Posts: 4,719.9300
Threads: 269
Joined: 4th Jan 2008
Reputation: -6.15982
E-Pigs: 105.8691
Offline
Post: #9
RE: Youtube HTML exploit
lol @ sensei

[Image: 531115][Image: 76561198014212040.png]
windows Proud
05/07/2010 10:25 AM
Find all posts by this user Quote this message in a reply
Mythos
protoman

Posts: 573.1637
Threads: 31
Joined: 18th Apr 2007
Reputation: -1.8373
E-Pigs: 24.3694
Offline
Post: #10
RE: Youtube HTML exploit
yeah ive seen it.. covered the whole page or redirected to goatse :)

[Image: Mythos3k.png]
05/07/2010 02:24 PM
Visit this user's website Find all posts by this user Quote this message in a reply
Post Reply 


Forum Jump:


User(s) browsing this thread:

 Quick Theme: