Re: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
- To: "Thor (Hammer of God)" <thor@xxxxxxxxxxxxxxx>
- Subject: Re: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
- From: BMF <badmotherfsckr@xxxxxxxxx>
- Date: Sun, 22 Apr 2012 20:56:23 -0700
Ezekiel 23:20
On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
<thor@xxxxxxxxxxxxxxx> wrote:
> You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker Hell!
> :)
>
>
>
> Timothy "Thor" Mullen
> www.hammerofgod.com
> Thor's Microsoft Security Bible
>
>
>
> -----Original Message-----
> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Thomas
> Richards
> Sent: Sunday, April 22, 2012 8:09 AM
> To: full-disclosure@xxxxxxxxxxxxxxxxx
> Subject: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
>
> # Exploit Title: phpMyBible 0.5.1 Multiple XSS
> # Date: 04/15/12
> # Author: G13
> # Twitter: @g13net
> # Software: http://sourceforge.net/projects/phpmybible/?source=directory
> # Version: 0.5.1
> # Category: webapps (php)
> #
>
> ##### Description #####
>
> phpMyBible is an online collaborative project to make an e-book of the Holy
> Bible in as many languages as possible. phpMyBible is designed to be
> flexible to all readers while maintaining the authenticity and originality of
> the Holy Bible scripture.
>
> ##### Vulnerability #####
>
> phpMyBible has multiple XSS vulnerabilities.
>
> When reading a section of the Bible; both the 'version' and 'chapter'
> variables are prone to reflective XSS.
>
> ##### Exploit #####
>
> http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
>
> ##### Vendor Notification #####
>
> 04/15/12 - Vendor Notified
> 04/22/12 - No response, disclos
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
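The quoted advisory reports that the 'version' and 'chapter' query parameters of index.php are reflected into the page unescaped. The following is an added example, not code from phpMyBible or from the advisory's author: a hypothetical handler that reflects those two parameters the way the advisory describes, the same handler with HTML escaping applied, and the kind of canary probe a tester uses to confirm such a report. The page template, the treatment of 'book' as an integer, the canary string and the fetch-by-callable design are all constructed for this example; against a live target, `fetch` would be an HTTP GET.

```python
"""Reflected XSS through query parameters, illustrating the advisory quoted above.

Added example, not code from phpMyBible or from the advisory's author. The page
template, the parameter handling and the canary string are constructed for this
example; the real application may render its pages quite differently.
"""
import html
from urllib.parse import parse_qs, quote, urlsplit

# Hypothetical page template shaped after the advisory's URL
# /index.php?book=1&version=...&chapter=... (not the project's own template).
TEMPLATE = (
    "<html><body>"
    "<h1>Book {book}, chapter {chapter}</h1>"
    "<p>Version: <span class='ver'>{version}</span></p>"
    "</body></html>"
)


def _params(url):
    """Query string -> dict of first values, percent-decoding applied."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return {k: v[0] for k, v in qs.items()}


def _book_number(p):
    """'book' is treated as an integer here (an assumption of this example),
    so it is never reflected as text."""
    try:
        return int(p.get("book", "1"))
    except ValueError:
        return 1


def render_vulnerable(url):
    """Interpolates 'version' and 'chapter' into the HTML unchanged: the
    reflected XSS pattern the advisory describes."""
    p = _params(url)
    return TEMPLATE.format(book=_book_number(p),
                           version=p.get("version", ""),
                           chapter=p.get("chapter", ""))


def render_hardened(url):
    """Same page with every attacker-controlled value HTML-escaped, quotes
    included, which is the minimum fix for text and attribute contexts."""
    p = _params(url)
    return TEMPLATE.format(book=_book_number(p),
                           version=html.escape(p.get("version", ""), quote=True),
                           chapter=html.escape(p.get("chapter", ""), quote=True))


CANARY = "xss7qz"  # constructed marker, unlikely to occur in a normal page


def reflects_unescaped(fetch, param, base="http://localhost/index.php?book=1"):
    """Probe one parameter with a bogus tag around the canary and report whether
    the tag survives. `fetch` maps a URL to a response body; here it is one of
    the render functions above, against a live target it would be an HTTP GET.
    Returns (tag_intact, tag_escaped)."""
    probe = f"<{CANARY}>"
    body = fetch(f"{base}&{param}={quote(probe, safe='')}")
    return probe in body, html.escape(probe) in body


def vulnerable_params(fetch, params):
    """Names of the parameters whose probe tag comes back intact."""
    return [p for p in params if reflects_unescaped(fetch, p)[0]]


if __name__ == "__main__":
    for name, fn in (("vulnerable", render_vulnerable), ("hardened", render_hardened)):
        print(name, vulnerable_params(fn, ["book", "version", "chapter"]))
```

The probe uses a made-up tag rather than `<script>` so a positive result cannot be explained by a filter that only blocks known-dangerous tags, and it checks both for the intact tag and for its escaped form, so a "not reflected" result can be distinguished from "reflected but encoded". The escaping in `render_hardened` is correct only for HTML text and quoted attribute contexts; a value written into a script block, a URL or an unquoted attribute needs context-specific encoding instead.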