On Feb 2003, there is a new vulnerability reported for Youtube clone script.
The YouTube Clone script suffers from a cross site scripting vulnerability in load_message.php.
Discovered by Smasher
CMS: Youtube Clone Script
Site: http://warwolfz.altervista.org
WarWolfZ Security Crew.
Hello i don't know if this vuln is already out , but i've searched in securityfocus and is not present.
Bug found in load_message.php at line 4:
<?php echo $lang['please_wait']; ?>
Ex: http://localhost/youtube/siteadmin/editor_files/includes/load_message.php?lang[please_wait]=[XSS]
Fix:
<?php echo htmlspecialchars($lang['please_wait']); ?>
Greetz.
Smasher.
If you are using older version of youtube clone script, you must upgraded to latest version of youtube clone script available from http://www.vshare.in