[Full-disclosure] phpMyBible 0.5.1 Mutiple XSS

Laurelai laurelai at oneechan.org
Mon Apr 23 05:32:01 BST 2012 

On 4/22/12 10:56 PM, BMF wrote:
> Ezekiel 23:20
>
> On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
> <thor at hammerofgod.com>  wrote:
>> You dropped a FD on the BIBLE??  Dude, you're going straight to Hacker Hell!  :)
>>
>>
>>
>> Timothy "Thor"  Mullen
>> www.hammerofgod.com
>> Thor's Microsoft Security Bible
>>
>>
>>
>> -----Original Message-----
>> From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Thomas Richards
>> Sent: Sunday, April 22, 2012 8:09 AM
>> To: full-disclosure at lists.grok.org.uk
>> Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
>>
>> # Exploit Title: phpMyBible 0.5.1 Mutiple XSS # Date: 04/15/12 # Author: G13 # Twitter: @g13net # Software http://sourceforge.net/projects/phpmybible/?source=directory
>> # Version: 0.5.1
>> # Category: webapps (php)
>> #
>>
>> ##### Description #####
>>
>> phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as various language as possible. phpMyBible is designed to be flexible to all readers while maintaining the authenticity and originality of the Holy Bible scripture.
>>
>> ##### Vulnerability #####
>>
>> phpMyBible has multiple XSS vulnerabilities.
>>
>> When reading a section of the Bible; both the 'version' and 'chapter'
>> variables are prone to reflective XSS.
>>
>> ##### Exploit #####
>>
>> http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
>>
>> ##### Vendor Notification #####
>>
>> 04/15/12 - Vendor Notified
>> 04/22/12 - No response, disclos
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
Its Ezekiel 25:17......

http://www.youtube.com/watch?v=UmvnXKRfdb8

Full-Disclosure is hosted and sponsored by Secunia.