HostOnNet Blog

youtubeclone xss

On Feb 2003, there is a new vulnerability reported for Youtube clone script.

The YouTube Clone script suffers from a cross site scripting vulnerability in load_message.php.

Discovered by Smasher
CMS: Youtube Clone Script
Site: http://warwolfz.altervista.org
WarWolfZ Security Crew.

Hello i don't know if this vuln is already out , but i've searched in securityfocus and is not present.

Bug found in load_message.php at line 4:

<?php echo $lang['please_wait']; ?>

Ex: http://localhost/youtube/siteadmin/editor_files/includes/load_message.php?lang[please_wait]=[XSS]

Fix:

<?php echo htmlspecialchars($lang['please_wait']); ?>

Greetz.
Smasher.

If you are using older version of youtube clone script, you must upgraded to latest version of youtube clone script available from http://www.vshare.in


Posted in Youtube Clone. Bookmark the permalink.