[Full-disclosure] phpMyBible 0.5.1 Mutiple XSS

Jason Hellenthal jhellenthal at dataix.net
Mon Apr 23 05:19:24 BST 2012 


On Sun, Apr 22, 2012 at 08:56:23PM -0700, BMF wrote:
> Ezekiel 23:20
> 
> On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
> <thor at hammerofgod.com> wrote:
> > You dropped a FD on the BIBLE??  Dude, you're going straight to Hacker Hell!  :)

Who is going to work for Microsoft ?

> >
> >
> >
> > Timothy "Thor"  Mullen
> > www.hammerofgod.com
> > Thor's Microsoft Security Bible
> >
> >
> >
> > -----Original Message-----
> > From: full-disclosure-bounces at lists.grok.org.uk [mailto:full-disclosure-bounces at lists.grok.org.uk] On Behalf Of Thomas Richards
> > Sent: Sunday, April 22, 2012 8:09 AM
> > To: full-disclosure at lists.grok.org.uk
> > Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
> >
> > # Exploit Title: phpMyBible 0.5.1 Mutiple XSS # Date: 04/15/12 # Author: G13 # Twitter: @g13net # Software http://sourceforge.net/projects/phpmybible/?source=directory
> > # Version: 0.5.1
> > # Category: webapps (php)
> > #
> >
> > ##### Description #####
> >
> > phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as various language as possible. phpMyBible is designed to be flexible to all readers while maintaining the authenticity and originality of the Holy Bible scripture.
> >
> > ##### Vulnerability #####
> >
> > phpMyBible has multiple XSS vulnerabilities.
> >
> > When reading a section of the Bible; both the 'version' and 'chapter'
> > variables are prone to reflective XSS.
> >
> > ##### Exploit #####
> >
> > http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
> >
> > ##### Vendor Notification #####
> >
> > 04/15/12 - Vendor Notified
> > 04/22/12 - No response, disclos
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> 
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/

-- 

 - (2^(N-1))

Full-Disclosure is hosted and sponsored by Secunia.