Re: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: Re: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
- From: Laurelai <laurelai@xxxxxxxxxxxx>
- Date: Sun, 22 Apr 2012 23:32:01 -0500
On 4/22/12 10:56 PM, BMF wrote:
> Ezekiel 23:20
>
> On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
> <thor@xxxxxxxxxxxxxxx> wrote:
>> You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker Hell!
>> :)
>>
>>
>>
>> Timothy "Thor" Mullen
>> www.hammerofgod.com
>> Thor's Microsoft Security Bible
>>
>>
>>
>> -----Original Message-----
>> From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
>> [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Thomas
>> Richards
>> Sent: Sunday, April 22, 2012 8:09 AM
>> To: full-disclosure@xxxxxxxxxxxxxxxxx
>> Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
>>
>> # Exploit Title: phpMyBible 0.5.1 Multiple XSS
>> # Date: 04/15/12
>> # Author: G13
>> # Twitter: @g13net
>> # Software: http://sourceforge.net/projects/phpmybible/?source=directory
>> # Version: 0.5.1
>> # Category: webapps (php)
>> #
>>
>> ##### Description #####
>>
>> phpMyBible is an online collaborative project to make an e-book of the Holy
>> Bible in as many languages as possible. phpMyBible is designed to be
>> flexible to all readers while maintaining the authenticity and originality
>> of the Holy Bible scripture.
>>
>> ##### Vulnerability #####
>>
>> phpMyBible has multiple XSS vulnerabilities.
>>
>> When reading a section of the Bible, both the 'version' and 'chapter'
>> variables are prone to reflective XSS.
>>
>> ##### Exploit #####
>>
>> http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
>>
>> ##### Vendor Notification #####
>>
>> 04/15/12 - Vendor Notified
>> 04/22/12 - No response, disclos
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
It's Ezekiel 25:17...
http://www.youtube.com/watch?v=UmvnXKRfdb8
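The advisory quoted above reports that the 'version' and 'chapter' query parameters of index.php are reflected into the page without encoding. As an added illustration (not phpMyBible's code and not part of the original thread), the snippet below shows the unsafe pattern beside a hardened rendering of the same two parameters: allow-list the version name, validate the chapter as a bounded integer, and HTML-encode whatever is still echoed. The parameter names come from the advisory; the function names, the list of version codes, the chapter bound and the sample request are assumptions made for this example.

```php
<?php
// Added example, not phpMyBible's own code. Only the parameter names
// 'version' and 'chapter' come from the advisory; everything else here
// (function names, version codes, the chapter range, the sample input)
// is assumed for illustration.

declare(strict_types=1);

// Assumed allow-list of version codes the site actually ships.
const KNOWN_VERSIONS = ['kjv', 'asv', 'web'];

// Vulnerable pattern: untrusted query values copied straight into markup,
// which is what makes the parameters reflected-XSS sinks.
function render_heading_unsafe(array $query): string
{
    return '<h1>' . ($query['version'] ?? '') . ' - Chapter '
        . ($query['chapter'] ?? '') . '</h1>';
}

// Hardened pattern: validate first, then encode on output.
function render_heading_safe(array $query): string
{
    // Version must match a known code exactly; otherwise use a fixed default
    // rather than echoing the submitted value back in any form.
    $version = $query['version'] ?? '';
    if (!in_array($version, KNOWN_VERSIONS, true)) {
        $version = KNOWN_VERSIONS[0];
    }

    // Chapter must be an integer in an assumed range (1..150), so no
    // attacker-controlled string ever reaches the template for this field.
    $chapter = filter_var(
        $query['chapter'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 150]]
    );
    if ($chapter === false) {
        $chapter = 1;
    }

    // ENT_QUOTES encodes both quote styles, so the value is safe in element
    // text and in quoted attribute values alike.
    $safeVersion = htmlspecialchars($version, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return sprintf('<h1>%s - Chapter %d</h1>', $safeVersion, $chapter);
}

// Constructed sample request with benign markup standing in for the
// advisory's [XSS] placeholders.
$sample = [
    'version' => '<b>injected</b>',
    'chapter' => '"><b>injected</b>',
];

echo render_heading_unsafe($sample), "\n"; // markup emitted verbatim
echo render_heading_safe($sample), "\n";   // <h1>kjv - Chapter 1</h1>
```

The allow-list step matters as much as the encoding: a version code is a closed set, so rejecting anything outside it removes the reflection entirely instead of relying on encoding alone, and treating the chapter as a validated integer does the same for the second parameter.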