Tuesday 19 June 2007

Google indexes FTP Credentials from YouTube...How Ironic!

Lyecdevf (a member of the w4ck1ng community) recently started a thread on how Google indexes plain-text FTP credentials of YouTube users.

In his own words:

"This is basically a google dork. What basically happens is that if someone is logged in to his/her FTP account and checks a page which embeds a YouTube video through the FTP client, YouTube will register that as a hit from "username:password@domain.tld", simply put.

Which means that you are going to get his login information to his FTP server. Enjoy!

site:youtube.com "clicks from ftp @""

Which is a pretty cool find. But does anybody see the irony in this? I certainly do!

Original Thread:
http://www.w4ck1ng.com/board/showthread.php/new-youtube-exploit-ftp-5521.html
Posted by at

1 comment:

Anonymous said...

Silentz!

It is very interesting bug in Google. Nice find by Lyecdevf.

And it's ironically that Google help bad guys to find ftp credentials of Youtube (i.e. their own) users. Like it is ironically to use Google to quickly find sites with holes in Google Custom Search Engine (MOSEB-15 Bonus: Vulnerability in Google Custom Search Engine (http://websecurity.com.ua/1050/) ;-).

20 June 2007 at 14:01

Post a Comment

Subscribe to: Post Comments (Atom)