YouTube Blog Multiple Input Validation Vulnerabilities
BID:30345
Info
| Bugtraq ID: | 30345 |
| Class: | Input Validation Error |
| CVE: | CVE-2008-3308 CVE-2008-3305 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 22 2008 12:00AM |
| Updated: | Jul 05 2016 10:01PM |
| Credit: | Unohope |
| Vulnerable: | Carlos Desseno YouTube Blog 0.1 |
| Not Vulnerable: | |
Discussion
YouTube Blog is prone to multiple input-validation vulnerabilities, including an SQL-injection issue, a cross-site scripting issue, and a remote file-include issue.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, execute arbitrary code within the context of the webserver process, access or modify data, or exploit latent vulnerabilities in the underlying database.
YouTube Blog 0.1 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim to follow a malicious URI.
The following example URIs are available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- YouTube Blog Homepage (Carlos Desseno)