Ezekiel 23:20
On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
<thor () hammerofgod com> wrote:
You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker Hell! :)
Timothy "Thor" Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible
-----Original Message-----
From: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] On Behalf
Of Thomas Richards
Sent: Sunday, April 22, 2012 8:09 AM
To: full-disclosure () lists grok org uk
Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
# Exploit Title: phpMyBible 0.5.1 Mutiple XSS # Date: 04/15/12 # Author: G13 # Twitter: @g13net # Software
http://sourceforge.net/projects/phpmybible/?source=directory
# Version: 0.5.1
# Category: webapps (php)
#
##### Description #####
phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as various language as
possible. phpMyBible is designed to be flexible to all readers while maintaining the authenticity and originality of
the Holy Bible scripture.
##### Vulnerability #####
phpMyBible has multiple XSS vulnerabilities.
When reading a section of the Bible; both the 'version' and 'chapter'
variables are prone to reflective XSS.
##### Exploit #####
http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
##### Vendor Notification #####
04/15/12 - Vendor Notified
04/22/12 - No response, disclos
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
