Legal Disclaimer

More documents

Recommendations

Info

Hacking For Beginners – Manthan Desai 2010 28. XSS vulnerability found on You Tube On the 4th of July 2010 YouTube users began complaining that their videos had been hijacked, the comments section of their videos seemed to be most severely affected, many complained that old comments vanished and new comments could not be added. Others reported that offensive messages were popping up on their screen or scrolling horizontally in large fonts and striking colours. Some users also seemed to suggest that there were experiencing page redirects, often to sites promoting pornographic content. YouTube users voiced their experiences on YouTube message boards, Twitter and other social networking sites. Within minutes it was apparent that the YouTube website was under attack. w w w . h a c k i n g t e c h . c o . t v Page 154
Hacking For Beginners – Manthan Desai 2010 You Tube’s XSS (Cross Site Scripting) defences had been defeated. Security-minded people began shouting warnings, asking users to stay off YouTube. Other YouTube users urged others to log out from their account, for fear of cookie hijacking, and other nastiest caused by XSS attacks. Above: Some users reported this screen when browsing the YouTube site during the attack. Within an hour or two the problem was fixed, YouTube servers were cleaned out rebooted and the Internet as we know it was restored to normality. Very few realized that what they had just witnessed was probably the single most embarrassing and largest security breach that Google has ever suffered. This flaw could, and probably will, tarnish Google’s reputation and raise new awareness to everyone. People ask; how can Google and YouTube suffer from such a classic XSS attack as this one? The YouTube XSS Vulnerability Explained In XSS (Cross Site Scripting) attacks such as this one the attacker manages to ‘inject’ JavaScript code into the target website. In this attack the Comments feature of YouTube videos was targeted. The attacker would simply paste his malicious script into the comments field that is available under videos on the YouTube website. w w w . h a c k i n g t e c h . c o . t v Page 155
Page 2 and 3:
Hacking For Beginners - Manthan Des
Page 4 and 5:
Page 6 and 7:
Page 8 and 9:
Page 10 and 11:
Page 12 and 13:
Page 14 and 15:
Page 16 and 17:
Page 18 and 19:
Page 20 and 21:
Page 22 and 23:
Page 24 and 25:
Page 26 and 27:
Page 28 and 29:
Page 30 and 31:
Page 32 and 33:
Page 34 and 35:
Page 36 and 37:
Page 38 and 39:
Page 40 and 41:
Page 42 and 43:
Page 44 and 45:
Page 46 and 47:
Page 48 and 49:
Page 50 and 51:
Page 52 and 53:
Page 54 and 55:
Page 56 and 57:
Page 58 and 59:
Page 60 and 61:
Page 62 and 63:
Page 64 and 65:
Page 66 and 67:
Page 68 and 69:
Page 70 and 71:
Page 72 and 73:
Page 74 and 75:
Page 76 and 77:
Page 78 and 79:
Page 80 and 81:
Page 82 and 83:
Page 84 and 85:
Page 86 and 87:
Page 88 and 89:
Page 90 and 91:
Page 92 and 93:
Page 94 and 95:
Page 96 and 97:
Page 98 and 99:
Page 100 and 101:
Page 102 and 103:
Page 104 and 105: Hacking For Beginners - Manthan Des
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
Page 244 and 245:
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
show all

Legal Disclaimer

Create successful ePaper yourself

Delete template?

Save as template?