Hacking For Beginners – Manthan Desai

2010

You Tube’s XSS (Cross Site Scripting) defences had been defeated. Security-minded people began shouting warnings,asking users to stay off YouTube. Other YouTube users urged others to log out from their account, for fear of cookiehijacking, and other nastiest caused by XSS attacks.

Above: Some users reported this screen when browsing the YouTube site during the attack.

Within an hour or two the problem was fixed, YouTube servers rebooted and the Internet as we know itwas restored to normality.

Very few realized that what they had just witnessed was probably most embarrassing and largest securitybreach that Google has ever suffered. This fl aw could, and tarnish Google’s reputation and raise newawareness to everyone. People ask; how can Google and YouTube such a classic XSS attack as this one?

The YouTube XSS Vulnerability Explained

In XSS (Cross Site Scripting) a ttacks such as this one the attacker manages to ‘inject’ JavaScript code into the targetwebsite.In this scriptinto

www.hackingtech.co.tv

Page 155