Short Name |
HTTP:PHP:YOUTUBE-BLOG-RFI |
---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
YouTube Blog Remote File Inclusion |
Release Date |
2013/06/10 |
Update Number |
2271 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
This signature detects attempts to exploit a known remote file inclusion vulnerability against YouTube Blog. It is due to insufficient validation of user-supplied input. A remote attacker can exploit this by enticing a target to open a malicious URL link. A successful attack can result in arbitrary code execution and loss of sensitive information.
YouTube Blog is prone to multiple input-validation vulnerabilities, including an SQL-injection issue, a cross-site scripting issue, and a remote file-include issue. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, execute arbitrary code within the context of the webserver process, access or modify data, or exploit latent vulnerabilities in the underlying database YouTube Blog 0.1 is vulnerable; other versions may also be affected.