From Encyclopedia Dramatica
Jump to navigation Jump to search
SUP /i/?!

GodTube is was a free video sharing website that was asking for it. GodTube.com was basically the trollers' gift that kept on giving. Much like JewTube, but which specialized in Christian-themed videos which Blu Aardvark is "so down for". In particular, GodTube has been compared to Conservapedia, a Christian conservative encyclopedia opposed to Wikipedia, and MyChurch (LOL), a Christian version of MySpace.

GodTube was founded by some god-fearing cunt, Chris Wyatt, who is currently a student at Dallas Theological Seminary. Word on the street is Chris Wyatt was formerly a TV producer for CBS show Kid Nation. GodTube was privately funded by investors, and dumbfucks who think evolution shouldn't be taught in schools.


win a free trip to Israel?! FUCK YEAH!

It is notable that supposedly VK411 was hiding out somewhere on the site.

A question that some of these god fearing fucks will never answer is, where is your Jesus while your priests are raping little boys? 'Jesus saves'? Tell that to the little boys who were assraped in Church. But hey, as long as it's in the name of the God, It's awwright!

Godtastic Videos From The GodTube

Broadcast Him Invasion

Various Anonymous groups (such as 420niggertits) were alerted to the existence of GodTube, and finally someone dropped LSD here [1].

The Invasion Begins

GodTube's site search, which could be used to find videos, groups,
and users, did not correctly sanitize its input. The problem however 
is using normal ASCII characters inside of any quote (single, or double)
would cause the page to output a script error, which would keep the 
vulnerability's payload from executing. In this example I converted:

into its decimal equivalent 
for each character in the string, and then had it evaluated inside of 
the String.fromCharCode function to help it execute. Therefore when 
using this example in vulnerable URL you'll force an instant redirection 
to a new location.

A similar vulnerability was found within the login page, which 
was accessible whether the user is logged out, or currently 
logged in. The above example simply alerts the user with their 
cookie data (if the cookie exists), but could obviously be used 
for much greater, or malicious purposes such as phishing, stealing
cookie data, altering user information, installing third-party 
malware, or just about anything else that's possible using a computer.
The input goes unsanitized again, but using quotes with ASCII characters
inside will cause a script error again so String.fromCharCode must
be used when quotes are required.

Another vulnerability, just like the other reflective cross-site 
scripting holes I've already found, but inside the user signup page.
In this instance however I forego the String.fromCharCode, and use 
the eval function to evaluate statements made after the URL's fragment
identifier (the hash symbol, or "#"). Using the script placed within 
the vulnerable area an evaluation is made on the data following the URL,
which is then executed as the payload. As with an cross-site scripting 
vulnerability this can be used for an array of purposes.


Related Articles


Web 2.0 style example.png
is part of a series on
Web 2.0
Web 2.0 Concepts

Social networkingSocial networking sitesBloggingBlogosphereHashtagMemorial Page TourismPHPHypercubePodcastingWikiingAjaxRuby on RailsInternet HumanitarianismX is not your personal armyUnfriendingUnsubscribingUser-generated contentiTunes StoreVerification

Web 2.0 Sites

anonmgurAnswerbagBeboBlingeeBlogtvBroadcasterBuzzfeedChaChaDel.icio.usDeviantARTdiggDreamhostDuckDuckGoeBayFacebookFarm TownFoursquareGossip ReportHawkeeHuluInstagramjustin.tvKloutlast.fmLiveJournalLiveVideomycribMySpaceNewgroundsNingRap GeniusRedditSalonslashdotStickamTayTumblrTwitterWikipediaXangaYahoo! AnswersYouTube

People of Web 2.0

Fast EddieTom AndersonSteve ChenBrad FitzpatrickMax GoldbergMichael CrookIain HallChad HurleyKevin RoseOMGFactsKathy SierraJimmy WalesYouMark Zuckerberg


GodTube is part of a series on


Visit the Sites Portal for complete coverage.