
Bugtraq mailing list archives
Re: phpMyBible 0.5.1 Mutiple XSS
From: Lostmon () gmail com
Date: Mon, 23 Apr 2012 19:07:53 GMT
Hi,

This is a discontinued product from 2007; also, we can do a simple patch to all variables here:

####### Vulnerable code ############
$book = $_REQUEST['book'];
$chapter = $_REQUEST['chapter'];
$version = $_REQUEST['version'];
$curl = $_SERVER['REQUEST_URI'];
$searchword = $_REQUEST['searchword'];
#################################

######### Patch here ############
$book = intval($_REQUEST['book']);
$chapter = intval($_REQUEST['chapter']);
$version = htmlspecialchars($_REQUEST['version']);
$curl = $_SERVER['REQUEST_URI'];
$searchword = htmlspecialchars($_REQUEST['searchword']);
##################################

Thanks for your time!!

--
Sincerely:
Lostmon (lostmon () gmail com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon
--
Curiosity is what keeps the mind moving....
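Added example, not part of the post above and not phpMyBible code: the same five variables run through one input routine, with explicit `htmlspecialchars()` flags and a guard against array-valued parameters. The helper names (`h`, `param`, `sanitize_request`) and the sample request are constructed, and encoding `$curl` assumes the application echoes it back into the page.

```php
<?php
// Added example: not phpMyBible code. Variable names follow the post;
// the helper names and the sample request values are constructed.

// Escape for HTML text and quoted-attribute contexts. ENT_QUOTES also
// encodes single quotes, which the default flags before PHP 8.1 leave as-is.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Read a request value as a string; arrays (book[]=1) fall back to ''.
// Without this, intval() of a non-empty array returns 1.
function param(array $src, string $key): string
{
    return isset($src[$key]) && is_string($src[$key]) ? $src[$key] : '';
}

function sanitize_request(array $request, array $server): array
{
    return [
        'book'       => intval(param($request, 'book')),
        'chapter'    => intval(param($request, 'chapter')),
        'version'    => h(param($request, 'version')),
        // Assumption: $curl is echoed back into the page (e.g. in a link),
        // so it is encoded like the other strings.
        'curl'       => h(param($server, 'REQUEST_URI')),
        'searchword' => h(param($request, 'searchword')),
    ];
}

// Constructed sample input, standing in for $_REQUEST and $_SERVER.
$request = [
    'book'       => '3<script>',
    'chapter'    => ['x'],
    'version'    => "kjv' onmouseover='x",
    'searchword' => '"><b>grace</b>',
];
$server = ['REQUEST_URI' => '/index.php?book=3&x="><i>'];

foreach (sanitize_request($request, $server) as $name => $value) {
    printf("%-10s %s\n", $name, var_export($value, true));
}
```

The encoding here fits HTML text and quoted attribute values only; a value written into a URL, a script block or an SQL statement needs the encoding or parameter binding for that context.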
Current thread:
- phpMyBible 0.5.1 Mutiple XSS Thomas Richards (Apr 23)
- <Possible follow-ups>
- Re: phpMyBible 0.5.1 Mutiple XSS Lostmon (Apr 23)