Full Disclosure: Re: phpMyBible 0.5.1 Mutiple XSS

Re: phpMyBible 0.5.1 Mutiple XSS

From: BMF <badmotherfsckr () gmail com>
Date: Sun, 22 Apr 2012 20:56:23 -0700

Ezekiel 23:20

On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
<thor () hammerofgod com> wrote:

You dropped a FD on the BIBLE??  Dude, you're going straight to Hacker Hell!  :)



Timothy "Thor"  Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible



-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf Of 
Thomas Richards
Sent: Sunday, April 22, 2012 8:09 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS

# Exploit Title: phpMyBible 0.5.1 Mutiple XSS # Date: 04/15/12 # Author: G13 # Twitter: @g13net # Software 
http://sourceforge.net/projects/phpmybible/?source=directory
# Version: 0.5.1
# Category: webapps (php)
#

##### Description #####

phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as various language as possible. 
phpMyBible is designed to be flexible to all readers while maintaining the authenticity and originality of the Holy 
Bible scripture.

##### Vulnerability #####

phpMyBible has multiple XSS vulnerabilities.

When reading a section of the Bible; both the 'version' and 'chapter'
variables are prone to reflective XSS.

##### Exploit #####

http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]

##### Vendor Notification #####

04/15/12 - Vendor Notified
04/22/12 - No response, disclos

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

By Date By Thread

Current thread:

phpMyBible 0.5.1 Mutiple XSS Thomas Richards (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS Thor (Hammer of God) (Apr 22)
  - Re: phpMyBible 0.5.1 Mutiple XSS Valdis . Kletnieks (Apr 23)
    - Re: phpMyBible 0.5.1 Mutiple XSS Thor (Hammer of God) (Apr 23)
    - Re: phpMyBible 0.5.1 Mutiple XSS Jeffrey Walton (Apr 23)
    - Re: phpMyBible 0.5.1 Mutiple XSS Terrence (Apr 23)
    - Re: phpMyBible 0.5.1 Mutiple XSS Alex Buie (Apr 23)
  - Re: phpMyBible 0.5.1 Mutiple XSS BMF (Apr 23)
    - Re: phpMyBible 0.5.1 Mutiple XSS Laurelai (Apr 23)
    - Re: phpMyBible 0.5.1 Mutiple XSS BMF (Apr 23)
    - Re: phpMyBible 0.5.1 Mutiple XSS Laurelai (Apr 23)
    - Re: phpMyBible 0.5.1 Mutiple XSS Jason Hellenthal (Apr 23)
- Re: phpMyBible 0.5.1 Mutiple XSS Martin Allert (Apr 26)