Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: phpMyBible 0.5.1 Mutiple XSS
From: BMF <badmotherfsckr () gmail com>
Date: Sun, 22 Apr 2012 20:56:23 -0700

Ezekiel 23:20

On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
<thor () hammerofgod com> wrote:
You dropped a FD on the BIBLE??  Dude, you're going straight to Hacker Hell!  :)



Timothy "Thor"  Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
Thomas Richards
Sent: Sunday, April 22, 2012 8:09 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS

# Exploit Title: phpMyBible 0.5.1 Mutiple XSS # Date: 04/15/12 # Author: G13 # Twitter: @g13net # Software 
http://sourceforge.net/projects/phpmybible/?source=directory
# Version: 0.5.1
# Category: webapps (php)
#

##### Description #####

phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as various language as possible. 
phpMyBible is designed to be flexible to all readers while maintaining the authenticity and originality of the Holy 
Bible scripture.

##### Vulnerability #####

phpMyBible has multiple XSS vulnerabilities.

When reading a section of the Bible; both the 'version' and 'chapter'
variables are prone to reflective XSS.

##### Exploit #####

http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]

##### Vendor Notification #####

04/15/12 - Vendor Notified
04/22/12 - No response, disclos

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault