"We were able to find some permanent XSS vectors in dailymotion.com: videos have a 'Title' field, which is not properly filtered and is returned to the user under certain conditions. So it becomes possible to execute malicious script content when a user is searching for a video to add to his mood. You may also test it by entering the word 'saugumas' in the dailymotion.com video search field.
Screenshots are available here: http://www.critical.lt/?opinions/show/1470"
However, Mashable now blogs about this and points to Aviv's post. But should not the Mashable crew do a little bit more research to figure out who really cut the vectors?
For the record, it was Miroslav Lučinskij of Critical Security in Lithuania who pwned Skype!!
Footnote to the Mashable crew: for some reason your comments page hates me: "Invalid email/page link or password." :(-