Ezekiel 23:20

On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God) <t...@hammerofgod.com> wrote:
> You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker Hell!
> :)
>
> Timothy "Thor" Mullen
> www.hammerofgod.com
> Thor's Microsoft Security Bible
>
> -----Original Message-----
> From: full-disclosure-boun...@lists.grok.org.uk
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thomas Richards
> Sent: Sunday, April 22, 2012 8:09 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
>
> # Exploit Title: phpMyBible 0.5.1 Multiple XSS
> # Date: 04/15/12
> # Author: G13
> # Twitter: @g13net
> # Software: http://sourceforge.net/projects/phpmybible/?source=directory
> # Version: 0.5.1
> # Category: webapps (php)
> #
>
> ##### Description #####
>
> phpMyBible is an online collaborative project to make an e-book of the Holy
> Bible in as many languages as possible. phpMyBible is designed to be
> flexible to all readers while maintaining the authenticity and originality of
> the Holy Bible scripture.
>
> ##### Vulnerability #####
>
> phpMyBible has multiple XSS vulnerabilities.
>
> When reading a section of the Bible, both the 'version' and 'chapter'
> variables are prone to reflective XSS.
>
> ##### Exploit #####
>
> http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
>
> ##### Vendor Notification #####
>
> 04/15/12 - Vendor Notified
> 04/22/12 - No response, disclos
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
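The quoted advisory names two reflected parameters, 'version' and 'chapter', but does not show the code behind them. The PHP below is an added illustration, not phpMyBible's own source: it assumes (hypothetically) that index.php reads those two query parameters and echoes them into the page header, and places that unsafe pattern beside a hardened version so the fix for each parameter type is visible. The request array is constructed sample input.

```php
<?php
// Added illustration, not phpMyBible's code. It assumes (hypothetically)
// that index.php echoes the 'version' and 'chapter' query parameters into
// the page, which is the reflected-XSS pattern the advisory describes.
// Two renderers of the same page header: one unsafe, one hardened.

declare(strict_types=1);

// Constructed sample request, standing in for $_GET.
$sampleGet = [
    'book'    => '1',
    'version' => 'KJV" data-injected="1', // quote that breaks out of an attribute
    'chapter' => '<b>3</b>',              // markup in a field that should be numeric
];

// Unsafe: query parameters are concatenated straight into HTML, so the
// browser interprets whatever the client sent as markup.
function renderHeaderUnsafe(array $get): string
{
    return '<h1 class="' . $get['version'] . '">Chapter ' . $get['chapter'] . '</h1>';
}

// Hardened: validate what has a known shape, escape everything that is echoed.
function renderHeaderSafe(array $get): string
{
    // 'chapter' must be a positive integer. Invalid input is rejected and
    // replaced with a known-good default rather than "cleaned up", so the
    // value can never carry markup.
    $chapter = filter_var($get['chapter'] ?? '', FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($chapter === false) {
        $chapter = 1;
    }

    // 'version' is free text (an edition name), so it is escaped for the
    // HTML context it lands in. ENT_QUOTES covers both quote styles, which
    // matters inside attribute values; the charset must match the page's
    // Content-Type header so the browser and the escaper agree on bytes.
    $version = htmlspecialchars(
        (string)($get['version'] ?? ''),
        ENT_QUOTES | ENT_HTML5,
        'UTF-8'
    );

    return '<h1 class="' . $version . '">Chapter ' . $chapter . '</h1>';
}

header('Content-Type: text/html; charset=UTF-8');
echo "Unsafe: " . renderHeaderUnsafe($sampleGet) . "\n";
echo "Safe:   " . renderHeaderSafe($sampleGet) . "\n";
```

Run with `php index_example.php`. The unsafe line reproduces the injected attribute and the bold tag verbatim; the hardened line renders `KJV&quot; data-injected=&quot;1` as inert text and falls back to chapter 1. Escaping is context-specific: the same 'version' value placed into a `href` would need `rawurlencode()` in addition to, not instead of, HTML escaping.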