On 4/22/12 10:56 PM, BMF wrote:
> Ezekiel 23:20
>
> On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
> <[email protected]> wrote:
>> You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker Hell!
>> :)
>>
>> Timothy "Thor" Mullen
>> www.hammerofgod.com
>> Thor's Microsoft Security Bible
>>
>> -----Original Message-----
>> From: [email protected] [mailto:[email protected]] On Behalf Of Thomas Richards
>> Sent: Sunday, April 22, 2012 8:09 AM
>> To: [email protected]
>> Subject: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
>>
>> # Exploit Title: phpMyBible 0.5.1 Multiple XSS
>> # Date: 04/15/12
>> # Author: G13
>> # Twitter: @g13net
>> # Software http://sourceforge.net/projects/phpmybible/?source=directory
>> # Version: 0.5.1
>> # Category: webapps (php)
>> #
>>
>> ##### Description #####
>>
>> phpMyBible is an online collaborative project to make an e-book of the Holy
>> Bible in as various language as possible. phpMyBible is designed to be
>> flexible to all readers while maintaining the authenticity and originality
>> of the Holy Bible scripture.
>>
>> ##### Vulnerability #####
>>
>> phpMyBible has multiple XSS vulnerabilities.
>>
>> When reading a section of the Bible; both the 'version' and 'chapter'
>> variables are prone to reflective XSS.
>>
>> ##### Exploit #####
>>
>> http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
>>
>> ##### Vendor Notification #####
>>
>> 04/15/12 - Vendor Notified
>> 04/22/12 - No response, disclos
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/

It's Ezekiel 25:17......
http://www.youtube.com/watch?v=UmvnXKRfdb8
