youtubeclone xss

In Feb 2003, a new vulnerability was reported for the YouTube clone script.

The YouTube Clone script suffers from a cross-site scripting vulnerability in load_message.php.

Discovered by Smasher
CMS: Youtube Clone Script
Site: http://warwolfz.altervista.org
WarWolfZ Security Crew.

Hello, I don't know if this vuln is already out, but I've searched on SecurityFocus and it is not present.

Bug found in load_message.php at line 4:

<?php echo $lang['please_wait']; ?>

Ex: http://localhost/youtube/siteadmin/editor_files/includes/load_message.php?lang[please_wait]=[XSS]

Fix:

<?php echo htmlspecialchars($lang['please_wait']); ?>

Greetz.Smasher.

If you are using an older version of the YouTube clone script, you must upgrade to the latest version, available from http://www.vshare.in
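
The advisory's fix encodes the output. As an added example (not code from the script or the advisory), the sketch below also closes the underlying cause by assigning `$lang` inside the file, so a request parameter cannot supply it. It assumes the request reached `$lang` through register_globals, simulated here with `extract()`; `h()`, `load_lang()`, `render_before()`, `render_after()` and the sample strings are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example (not vShare's code): why the echo was injectable, and a hardened form.

// Encode for HTML text and quoted-attribute contexts.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Assumption: strings come from a server-side language table (constructed sample).
function load_lang(): array
{
    return ['please_wait' => 'Please wait...'];
}

// "Before": $lang is never assigned by the file itself. extract() stands in for
// register_globals (an assumption about how the request reached $lang).
function render_before(array $request): string
{
    extract($request);
    return (string) ($lang['please_wait'] ?? '');
}

// "After": $lang is assigned locally, so request data cannot replace it,
// and the value is still encoded on output as in the advisory's fix.
function render_after(array $request): string
{
    $lang = load_lang();
    $msg  = $lang['please_wait'] ?? '';
    return h(is_string($msg) ? $msg : '');
}

// Constructed request in the shape of the advisory URL's lang[please_wait] parameter.
$request = ['lang' => ['please_wait' => '<i>injected markup</i>']];

echo 'before: ', render_before($request), PHP_EOL;
echo 'after:  ', render_after($request), PHP_EOL;
echo 'encode: ', h(render_before($request)), PHP_EOL;
```

Run with the PHP CLI: the "before" line carries the request's markup through unchanged, the "after" line always shows the server-side string, and the "encode" line shows what the advisory's `htmlspecialchars()` fix alone does to the same input.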
