Re: phpMyBible 0.5.1 Multiple XSS
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: Re: phpMyBible 0.5.1 Multiple XSS
- From: Lostmon@xxxxxxxxx
- Date: Mon, 23 Apr 2012 19:07:53 GMT
Hi,
This is a discontinued product from 2007.
Also, we can apply a simple patch to all the variables here:
####### Vulnerable code ############
$book = $_REQUEST['book'];
$chapter = $_REQUEST['chapter'];
$version = $_REQUEST['version'];
$curl = $_SERVER['REQUEST_URI'];
$searchword = $_REQUEST['searchword'];
#################################
######### Patch here ############
$book = intval($_REQUEST['book']);
$chapter = intval($_REQUEST['chapter']);
$version = htmlspecialchars($_REQUEST['version']);
$curl = $_SERVER['REQUEST_URI'];
$searchword = htmlspecialchars($_REQUEST['searchword']);
##################################
Thanks for your time!!
--
Sincerely:
Lostmon (lostmon@xxxxxxxxx)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon
--
Curiosity is what makes the mind move....
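
Added example, not part of the original post and not phpMyBible code: the same five inputs handled with integer casts plus escaping at the point of output, using ENT_QUOTES and an explicit charset. It assumes PHP 7 or later and that $curl is echoed into the page (the post does not show how it is used, and its patch leaves that variable unchanged); the helper names h() and read_inputs() and all sample values are constructed for illustration.

```php
<?php
// Added illustration: escape at the point of output instead of at input.
// Parameter names come from the post; the sample values are constructed.

/** Escape a string for an HTML text node or a quoted attribute value. */
function h(string $value): string
{
    // ENT_QUOTES also encodes the single quote, which the default flags of
    // PHP versions before 8.1 leave untouched.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Normalise the five inputs named in the post. */
function read_inputs(array $request, array $server): array
{
    return [
        // Numeric identifiers: cast to int, as the post's patch does.
        'book'       => (int) ($request['book'] ?? 0),
        'chapter'    => (int) ($request['chapter'] ?? 0),
        // Free text: keep the raw value here and escape it when printing.
        'version'    => (string) ($request['version'] ?? ''),
        'searchword' => (string) ($request['searchword'] ?? ''),
        // Assumption: REQUEST_URI is later written into the page.
        'curl'       => (string) ($server['REQUEST_URI'] ?? ''),
    ];
}

// Constructed sample request (not taken from the advisory).
$request = [
    'book'       => '3<script>',
    'chapter'    => '16',
    'version'    => "kjv' onmouseover='x",
    'searchword' => '<b>light</b>',
];
$server = ['REQUEST_URI' => '/index.php?version="><i>'];

$in = read_inputs($request, $server);

// Every string value passes through h() where it enters the markup.
printf("<a href='%s'>permalink</a>\n", h($in['curl']));
printf("<input name='version' value='%s'>\n", h($in['version']));
printf("<p>Results for %s in book %d, chapter %d</p>\n",
    h($in['searchword']), $in['book'], $in['chapter']);
```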