Full Disclosure mailing list archives
Re: phpMyBible 0.5.1 Mutiple XSS
From: "Martin Allert" <allert () arago de>
Date: Thu, 26 Apr 2012 11:04:18 +0200
Just let go (Buddha) :) SCNR :) -- Martin Allert arago Institut für komplexes Datenmanagement AG Eschersheimer Landstraße 526 - 532 60433 Frankfurt am Main eMail: allert () arago de - www: http://www.arago.de Tel: +49-69-40568-403 Fax: +49-69-40568-111 -- Bankverbindung: Frankfurter Sparkasse, BLZ: 500 502 01, Kto.-Nr.: 79343 Vorstand: Hans-Christian Boos, Martin Friedrich Vorsitzender des Aufsichtsrats: Dr. Bernhard Walther Sitz: Kronberg im Taunus · HRB 5731 · Registergericht: Königstein i.Ts Ust.Idnr. DE 178572359 · Steuernummer 2603 003 228 43435 Folgen Sie uns hier: automatisierungs-experten.de -- www.hcboos.net -- facebook.com/aragoAutomationExperts -- twitter.com/arago_AG -- xing.com/companies/aragoag -- linkedin.com/company/arago-ag -- slideshare.net/Arago.AG -- youtube.com/aragoag -- flickr.com/aragoag -----Ursprüngliche Nachricht----- Von: full-disclosure-bounces () lists grok org uk [mailto:full-disclosure-bounces () lists grok org uk] Im Auftrag von Thomas Richards Gesendet: Sonntag, 22. April 2012 17:09 An: full-disclosure () lists grok org uk Betreff: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS # Exploit Title: phpMyBible 0.5.1 Mutiple XSS # Date: 04/15/12 # Author: G13 # Twitter: @g13net # Software http://sourceforge.net/projects/phpmybible/?source=directory # Version: 0.5.1 # Category: webapps (php) # ##### Description ##### phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as various language as possible. phpMyBible is designed to be flexible to all readers while maintaining the authenticity and originality of the Holy Bible scripture. ##### Vulnerability ##### phpMyBible has multiple XSS vulnerabilities. When reading a section of the Bible; both the 'version' and 'chapter' variables are prone to reflective XSS. ##### Exploit ##### http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS] ##### Vendor Notification ##### 04/15/12 - Vendor Notified 04/22/12 - No response, disclos _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: phpMyBible 0.5.1 Mutiple XSS, (continued)
- Re: phpMyBible 0.5.1 Mutiple XSS Valdis . Kletnieks (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS Thor (Hammer of God) (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS Jeffrey Walton (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS Terrence (Apr 23)
- Re: phpMyBible 0.5.1 Mutiple XSS Alex Buie (Apr 23)
- Re: phpMyBible 0.5.1 Mutiple XSS Valdis . Kletnieks (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS BMF (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS Laurelai (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS BMF (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS Laurelai (Apr 22)
- Re: phpMyBible 0.5.1 Mutiple XSS Jason Hellenthal (Apr 23)