Back to list
Another You tube clone script vulnerability
Jul 06 2007 10:53PM
Samael De Icaro (samael_de_icaro hotmail com)
De todo para la Mujer Latina http://latino.msn.com/mujer/
ChX Security |
Advisory #2 |
-> "Generic YouTube Clone Script - XSRF: Arbitrary Code Injection" <-
Author: Pepepistola <Pepepistola_at_chxsecurity_dot_org>
Program: Generic YouTube Clone Script
Severity: Moderately Critical
Type of Advisory: Mid Disclosure
Affected/Tested Versions: -- (* See below)
* There multiple clone scripts make by multiple vendors but all share the
and even same code, so we couldnt determinate the right (or original)
Program Description |
Dream to build your own highly profitable online video sharing community
just like YouTube or DailyMotion?
Unleash the power of video sharing to boost your websites' traffic &
The "Email-Template" module has no file type validation and a remote
attacker could lead the admin
to create a especially crafted malicious email template that allows the
remote attacker to compromise
the entire system.
The Admin has the capabilities to create and a "Email-Template" that would
be stored in the directory:
Since the module doesn't have any file type validation the admin can upload
any arbitrary file type,
so a remote attacker can gain access by just leading the (already logged-in)
admin to and a specially
crafted (malicious) website that truth a Cross-site Request Forgery make the
admin automatically create
a email template.
This could lead to a remote attacker to gain access and further more
compromise the entire system.
Proof Of Concept|
ChX Security will not release any proof of concept.
By the moment there is no official solution provided by the vendor(s)...
ChX Security encourages to the website admins to just stay logged-in only
the necessary time and keep
logged-off at all time that you dont have to do any administration related
Bug Found: 04/07/2007
Vendor Contact: --/--/--
Vendor Response: --/--/--
Public Disclosure: 06/07/2007
g30rg3_x, musashi, patoruzu, elvispresley, skyline2412 (p1mp4m)
[ reply ]
Copyright 2010, SecurityFocus