YTMNDCNW: Javascript Exploit
Created on: June 3rd, 2006
YTMNDCNW: Javascript Exploit
zaz 
escapebackslashes.ytmnd.com
Backslashes in JavaScript strings need to be escaped. See http://forums.ytmnd.com/showthread.php?t=76534
uncited
uncited
hax

Sponsorships:

Vote metrics:

rating total votes favorites comments
(3.43) 210 6 99

View metrics:

today yesterday this week this month all time
0 2 0 1 4,514

Inbound links:

views url
44 https://www.bing.com
6 http://www.google.com.hk
2 https://www.google.com/
1 http://www.google.com
1 http://www.google.com/search?sourceid=navclient&ie=UTF-8&rlz=1T4

Add a comment

Richtext is ON
Bold
Italic
Underline
Code
User Link
Site Link
Please login or register to comment.
Creamy
June 3rd, 2006
5:11:18 PM CDT
(0)
pop up!
ThePitBull
June 3rd, 2006
5:11:21 PM CDT
(0)
how did you do the O RLY?
Scottendo
June 3rd, 2006
5:11:54 PM CDT
(0)
wtf?!
alien3456
June 3rd, 2006
5:12:24 PM CDT
(0)
watttttttt
Creamy
June 3rd, 2006
5:12:30 PM CDT
(0)
the code is in the preview, lol.
Cacti
June 3rd, 2006
5:12:50 PM CDT
(0)
Wait... what just happened?!
audiopirate
June 3rd, 2006
5:13:03 PM CDT
(0)
OMG
GEshows
June 3rd, 2006
5:13:25 PM CDT
(0)
But only because of the pop up thingie,
alextide32
June 3rd, 2006
5:13:25 PM CDT
(0)
wow lol
PurpleSeadragon
June 3rd, 2006
5:14:03 PM CDT
(0)
Lol O rly. Eh, pretty cool
gtorisu9se
June 3rd, 2006
5:15:48 PM CDT
(0)
hax
TheBigDawg
June 3rd, 2006
5:16:20 PM CDT
(0)
mach-rider's right..but that's still awesome!
zaz
June 3rd, 2006
5:18:06 PM CDT
(0)
I have submitted a bug report on the forums. The hole should be easy to fix. It's tough to fully exploit because the comment lines have a length limit... I'm not sure redirect, for example, is possible. But popups and auto 5-ing are.
TheBigDawg
June 3rd, 2006
5:36:26 PM CDT
(0)
so what is the code? i can't see it :(
zaz
June 3rd, 2006
5:48:46 PM CDT
(0)
I won't give out the code, but it's pretty obvious if you look at the domain & the source of this page.
zaz
June 3rd, 2006
5:51:11 PM CDT
(0)
BTW, I did get redirect to work. You have to get the 3 lines to work together to implement longer code. Track this issue here: http://forums.ytmnd.com/showthread.php?t=76534
State-of-mind
June 3rd, 2006
7:14:44 PM CDT
(0)
I figured it out!
Dancing-is-Forbidden
June 3rd, 2006
7:22:10 PM CDT
(0)
i still haven't figured it out, 'cause i'm a total *ss =(
SalamiJones
June 3rd, 2006
7:29:44 PM CDT
(0)
Could SOMEONE help by telling me the exact code?
GIVEMEREPLAY
June 3rd, 2006
7:32:55 PM CDT
(0)
5 for popups which i was in the vent during the discovery of. FTW.
zaz
June 3rd, 2006
7:35:46 PM CDT
(0)
ytmnd.com has several weaknesses.
waffleninja
June 3rd, 2006
7:36:11 PM CDT
(0)
AHHHHHH I HAVE A VIRUS
esc861
June 3rd, 2006
7:37:06 PM CDT
(0)
Pretty clever. He did it by exploiting the code for the 3d text thingy using this statement (I believe): ");alert('O RLY');//
zaz
June 3rd, 2006
7:37:36 PM CDT
(0)
Yes, this can be used for evil. My earlier Test Site auto-5'd itself when viewed. Max needs to fix this.
Spredhaus
June 3rd, 2006
7:37:45 PM CDT
(0)
ugh, this is gonna suck. I hope the bug gets fixed before too many pop up sites come around
esc861
June 3rd, 2006
7:38:10 PM CDT
(0)
ooh, that is evil. Stop giving people ideas ;)
State-of-mind
June 3rd, 2006
7:38:39 PM CDT
(0)
New fad! and I know how!
swamphox
June 3rd, 2006
7:39:35 PM CDT
(0)
good work on finding the hole...your work is appreciated
Adverb
June 3rd, 2006
7:40:58 PM CDT
(0)
Good job finding a bug, bad job telling 117000 people how to abuse it
zaz
June 3rd, 2006
7:41:04 PM CDT
(0)
See http://fourlines.ytmnd.com/ for fad ideas until this is fixed. :-) Popups are a lame fad.
Grundge
June 3rd, 2006
7:41:26 PM CDT
(0)
I got it.
leet-shoe
June 3rd, 2006
7:41:34 PM CDT
(0)
zaz, you did it again.
Pettitman
June 3rd, 2006
7:42:52 PM CDT
(0)
omg it made me auto-5!!! haxhaxhax!!!
dedcat
June 3rd, 2006
7:45:04 PM CDT
(0)
Points for raising the bar.
zaz
June 3rd, 2006
7:45:46 PM CDT
(0)
Sorry, there's no auto-5 code on this site, and I deleted the test site that did it. I won't show people how to do that.
Kayne
June 3rd, 2006
7:46:03 PM CDT
(0)
yeah it's this line: new Array("");alert('O RLY');//", "", ""); the double backslashes escape javascript code unlike vbscript which doesn't need it, although I prefer javascript to vbscript
MoPers
June 3rd, 2006
7:46:16 PM CDT
(0)
n****r
State-of-mind
June 3rd, 2006
7:46:36 PM CDT
(0)
lol
zyle
June 3rd, 2006
7:53:16 PM CDT
(0)
hey! who broke my internet?!
everyoneiscolin
June 3rd, 2006
7:54:39 PM CDT
(0)
interesting
zaz
June 3rd, 2006
7:56:59 PM CDT
(0)
Again, remember, popups != picture/sound/text. Please see http://fourlines.ytmnd.com/ for good fad ideas. (For as long as this lasts... I want it fixed, along with DoctorGarbage deleted.)
Khash
June 3rd, 2006
7:57:34 PM CDT
(0)
Of course now every ytmnd is gonna have it. Great...
cambot
June 3rd, 2006
8:01:18 PM CDT
(0)
POP-UP!
Biskquik
June 3rd, 2006
8:01:19 PM CDT
(0)
silly js
Paulunga
June 3rd, 2006
8:15:41 PM CDT
(0)
Image/sound source?
zaz
June 3rd, 2006
8:16:43 PM CDT
(0)
GIS, and the Debussy song used in the UFO fad or whatever you call it.
Barcode711
June 3rd, 2006
8:33:20 PM CDT
(0)
:O Pretty fancy work and an issue that needs to be noticed the hard way: by being in the top rated YTMNDs. 5'd.
KingLouisXIV
June 3rd, 2006
8:37:25 PM CDT
(0)
that cat scares me as does the fact that my vote may be abused!
screwlogic
June 3rd, 2006
8:39:12 PM CDT
(0)
i hope this gets fixed jsut because i dont know how to do it and others probably do
Babrook
June 3rd, 2006
8:40:32 PM CDT
(0)
Anyone else get freaked out by that cat?
zaz
June 3rd, 2006
8:41:45 PM CDT
(0)
Yes, the cat is a bit spooky. :)
typogra
June 3rd, 2006
8:42:13 PM CDT
(0)
the music is familiar
NeoMatrixClt
June 3rd, 2006
8:44:28 PM CDT
(0)
huh? o rly?
Babrook
June 3rd, 2006
8:45:38 PM CDT
(0)
Whats the source for this cat, I need to see more.
esc861
June 3rd, 2006
8:45:46 PM CDT
(0)
oh, sh*t, fixed
zaz
June 3rd, 2006
8:45:57 PM CDT
(0)
Fixed! :)
esc861
June 3rd, 2006
8:46:47 PM CDT
(0)
5 stars for max
State-of-mind
June 3rd, 2006
8:47:02 PM CDT
(0)
It doesnt work anymore.. :(
LocutusOfBorg
June 3rd, 2006
8:47:11 PM CDT
(0)
FIVE BILLION STARS FOR TOMITA!!!!!! HOLY SHIIIIIIIIIIIIIIIIIT!
OriginalSHM
June 3rd, 2006
8:47:40 PM CDT
(0)
lol, fixed
omar
June 3rd, 2006
8:48:34 PM CDT
(0)
lol max probably caught on to it..
bigboy987
June 3rd, 2006
8:50:29 PM CDT
(0)
doctor garbage deleted too?
State-of-mind
June 3rd, 2006
8:50:49 PM CDT
(0)
well... I'll have to delete my site now that it's rendered useless.
Wwoody123
June 3rd, 2006
8:51:34 PM CDT
(0)
onetf'd
State-of-mind
June 3rd, 2006
8:53:20 PM CDT
(0)
Yeah, also someone please deleted doctor garbage. He Keeps spamming suicide video links.
zaz
June 3rd, 2006
8:53:43 PM CDT
(0)
Oops, still not fixed. :)
OriginalSHM
June 3rd, 2006
8:56:15 PM CDT
(0)
Hacks!
zaz
June 3rd, 2006
8:56:26 PM CDT
(0)
And no, DoctorGarbage appears to live on.
esc861
June 3rd, 2006
8:58:31 PM CDT
(0)
oh poop, you got it working again
mckean71
June 3rd, 2006
8:59:43 PM CDT
(0)
I find the music peaceful
zaz
June 3rd, 2006
9:01:27 PM CDT
(0)
Four Lines is back in action as well with a slight change: http://fourlines.ytmnd.com
FranzGooseball
June 3rd, 2006
9:08:19 PM CDT
(0)
i do not know why but this has to be by far the scariest ytmnd i have ever seen and i will no longer be able to sleep at night untill the day i die because of it
zaz
June 3rd, 2006
9:11:41 PM CDT
(0)
NOW it's fixed. I think... let me check.
zaz
June 3rd, 2006
9:15:09 PM CDT
(0)
FranzGooseball: I'm glad you like it. :-) I was saving the cat for a rainy NEDM, but I like it this way too.
BTape
June 3rd, 2006
9:20:22 PM CDT
(0)
maaaaan.. fixed before I got home to see it in action. :(
joshgrrr
June 4th, 2006
6:09:44 PM CDT
(0)
nice cat
secretbison
June 7th, 2006
2:40:19 PM CDT
(0)
NEDM?
Refractor
June 7th, 2006
7:04:57 PM CDT
(0)
Im not gonna lie....this is a bit creepy.
Refractor
June 7th, 2006
7:06:21 PM CDT
(0)
...I also have no idea what this seems to really be about.
SilentSwan
June 7th, 2006
9:25:40 PM CDT
(0)
:( I missed it before the fix.
hydrogenic
June 8th, 2006
12:37:56 AM CDT
(0)
i have been dreaming of this cat lately, thank you for fulfilling my fantasy.
hydrogenic
June 8th, 2006
12:45:32 AM CDT
(0)
.. no really, you changed my life with this image. i need to send you a personal cheque.
ScndPistonHonda
June 8th, 2006
4:15:28 AM CDT
(0)
deserves top 15
osufan
June 8th, 2006
4:17:17 AM CDT
(0)
source of the sound?
DarkTree
June 8th, 2006
4:59:40 AM CDT
(0)
Jesus Christ...state your sources....and.........creepy Cat ;_;
hydrogenic
June 8th, 2006
1:33:07 PM CDT
(0)
please for my sanity, release more info about this cat and sound.
hydrogenic
June 8th, 2006
2:03:30 PM CDT
(0)
GIS, and the Debussy song used in the UFO fad or whatever you call it. oh, my bad.. you are still a genius.
SlayerKeith
June 8th, 2006
9:35:11 PM CDT
(0)
The song is "Arabesque #1" by Claude DeBussy and it might sound familiar to you if you ever saw the 5 minute long PBS astonomy show "Star Gazer" (aka "Star Hustler" back in the day...lol) Keep looking up!
SlayerKeith
June 8th, 2006
9:39:02 PM CDT
(0)
BTW, I checked the Star Gazer website and the song "Arabesque #1" is performed by Isao Tomita on the still available "Snowflakes Are Dancing" album.
hydrogenic
June 9th, 2006
2:30:58 AM CDT
(0)
hey slayerkeith, you got an mp3 kicking around?
zaz
June 9th, 2006
6:38:48 PM CDT
(0)
The cat is a ballet dancer from a place where people are cats and cats dance the ballet.
ZuluZulu
June 10th, 2006
4:07:48 PM CDT
(0)
zaz: check out... original-1337.ytmnd.com only one image... the non short film version...
SlayerKeith
June 11th, 2006
8:37:55 PM CDT
(0)
Sorry hydrogenic, unfortunately I don't...
BTVagrant
June 15th, 2006
9:22:02 PM CDT
(0)
F*cking Psycho Sh*t
BTVagrant
July 3rd, 2006
5:52:16 PM CDT
(0)
Ok, I've seen you change your site title and read all the comments, but still.... The combination of the image and the sound is still f*cking psycho sh*t, lol
Ademaro
July 12th, 2006
10:13:42 PM CDT
(0)
;/
southpark
July 14th, 2006
6:45:26 PM CDT
(0)
Okay :)
archives456
July 22nd, 2006
1:10:23 AM CDT
(0)
ha, another well-deserved 1.
zaz
July 22nd, 2006
1:13:42 AM CDT
(0)
You're certainly putting a lot of work into this, archives. But you missed one.