Posted on Monday, July 05 2010 @ 22:08 CEST by Thomas De Maesschalck
The Next Web
reports hackers managed to find a HTML injection vulnerability in YouTube during the long weekend.
In the past hour it appears YouTube has become the target of a hacker attack, specifically targeting videos of pop singer Justin Bieber.
Videos relating to the star have been hit with a redirect hack with a number of different payloads. We’ve seen one redirect to an infamous, explicit “One Man One Jar” video while another covers the screen in the words “OMG Faggot”. A Twitter search confirms that the problem is widespread. Some users are reporting seeing a banner claiming that Bieber is dead.
Google took swift action to fix the vulnerability, the search giant temporarily disrupted the comments feature and came up with a fix in about two hours:
“We took swift action to fix a cross-site scripting (XSS) vulnerability on youtube.com that was discovered several hours ago. Comments were temporarily hidden by default within an hour, and we released a complete fix for the issue in about two hours. We’re continuing to study the vulnerability to help prevent similar issues in the future.”