Re: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS

Sun, 22 Apr 2012 20:56:49 -0700 

Ezekiel 23:20

On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
<t...@hammerofgod.com> wrote:
> You dropped a FD on the BIBLE??  Dude, you're going straight to Hacker Hell!  
> :)
>
>
>
> Timothy "Thor"  Mullen
> www.hammerofgod.com
> Thor's Microsoft Security Bible
>
>
>
> -----Original Message-----
> From: full-disclosure-boun...@lists.grok.org.uk 
> [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thomas 
> Richards
> Sent: Sunday, April 22, 2012 8:09 AM
> To: full-disclosure@lists.grok.org.uk
> Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
>
> # Exploit Title: phpMyBible 0.5.1 Mutiple XSS # Date: 04/15/12 # Author: G13 
> # Twitter: @g13net # Software 
> http://sourceforge.net/projects/phpmybible/?source=directory
> # Version: 0.5.1
> # Category: webapps (php)
> #
>
> ##### Description #####
>
> phpMyBible is an online collaborative project to make an e-book of the Holy 
> Bible in as various language as possible. phpMyBible is designed to be 
> flexible to all readers while maintaining the authenticity and originality of 
> the Holy Bible scripture.
>
> ##### Vulnerability #####
>
> phpMyBible has multiple XSS vulnerabilities.
>
> When reading a section of the Bible; both the 'version' and 'chapter'
> variables are prone to reflective XSS.
>
> ##### Exploit #####
>
> http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
>
> ##### Vendor Notification #####
>
> 04/15/12 - Vendor Notified
> 04/22/12 - No response, disclos
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Reply via email to