Warning: Highly Critical XSS Vulnerability Discovered in YouTube
By on July 4th, 2010

YouTube-VulnerabilityIt appears that YouTube is vulnerable to XSS (cross-site scripting) attacks. Details are scarce since this is a breaking story. However, according to preliminary information available with us, it is possible to hijack cookies to gain access to a logged-in user’s Gmail and YouTube accounts.

Although, it’s unclear who discovered this vulnerability, 4Chan users are already trying to actively exploit it. The exploit makes use of PHP, JavaScript, and XSS, and is being spread through comments on videos. Any logged in user who has browsed to an infected page is vulnerable. The best solution is to completely log out of YouTube until this issue has been fixed. If you are worried that you have viewed an infected video, delete all your cookies.

Spread the word to your friends and family members and help them stay protected. We will update you as soon as we learn more.

Update 1: TheNextWeb is reporting that Justin Bieber videos are being targeted in a big way.

Update 2: YouTube has now blocked all scripts from comments. However, video titles are also vulnerable and video responses are now being used to exploit the vulnerability.

Update 3: Google has issued an official statement.

Tags: , , ,
Author: Pallab De Google Profile for Pallab De
Pallab De is a blogger from India who has a soft spot for anything techie. He loves trying out new software and spends most of his day breaking and fixing his PC. Pallab loves participating in the social web; he has been active in technology forums since he was a teenager and is an active user of both twitter (@indyan) and facebook .

Pallab De has written and can be contacted at pallab@techie-buzz.com.

Leave a Reply

Name (required)

Website (optional)

 
    Warning: call_user_func() expects parameter 1 to be a valid callback, function 'advanced_comment' not found or invalid function name in /home/keith/techie-buzz.com/htdocs/wp-includes/comment-template.php on line 1694
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN