Re: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS

["Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>]

You dropped a FD on the BIBLE??  Dude, you're going straight to Hacker Hell!  :)



Timothy "Thor"  Mullen
www.hammerofgod.com
Thor's Microsoft Security Bible



-----Original Message-----
From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx 
[mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Thomas Richards
Sent: Sunday, April 22, 2012 8:09 AM
To: full-disclosure@xxxxxxxxxxxxxxxxx
Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS

# Exploit Title: phpMyBible 0.5.1 Mutiple XSS # Date: 04/15/12 # Author: G13 # 
Twitter: @g13net # Software 
http://sourceforge.net/projects/phpmybible/?source=directory
# Version: 0.5.1
# Category: webapps (php)
#

##### Description #####

phpMyBible is an online collaborative project to make an e-book of the Holy 
Bible in as various language as possible. phpMyBible is designed to be flexible 
to all readers while maintaining the authenticity and originality of the Holy 
Bible scripture.

##### Vulnerability #####

phpMyBible has multiple XSS vulnerabilities.

When reading a section of the Bible; both the 'version' and 'chapter'
variables are prone to reflective XSS.

##### Exploit #####

http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]

##### Vendor Notification #####

04/15/12 - Vendor Notified
04/22/12 - No response, disclos

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/