Youtube Clone Xross Site Scripting (load_message.php)
Discovered by Smasher
CMS: Youtube Clone Script
Site: http://warwolfz.altervista.org
WarWolfZ Security Crew.
Hello i don't know if this vuln is already out , but i've searched in
securityfocus and is not present.
Bug found in load_message.php at line 4:
<?php echo $lang['please_wait']; ?>
Ex:
http://localhost/youtube/siteadmin/editor_files/includes/load_message.php?lang[please_wait]=[XSS]
Fix:
<?php echo htmlspecialchars($lang['please_wait']); ?>
Greetz.
Smasher.