Re: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
- To: BMF <badmotherfsckr@xxxxxxxxx>
- Subject: Re: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
- From: Jason Hellenthal <jhellenthal@xxxxxxxxxx>
- Date: Mon, 23 Apr 2012 00:19:24 -0400
On Sun, Apr 22, 2012 at 08:56:23PM -0700, BMF wrote:
> Ezekiel 23:20
>
> On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
> <thor@xxxxxxxxxxxxxxx> wrote:
> > You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker
> > Hell! :)
Who is going to work for Microsoft?
> >
> >
> >
> > Timothy "Thor" Mullen
> > www.hammerofgod.com
> > Thor's Microsoft Security Bible
> >
> >
> >
> > -----Original Message-----
> > From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx
> > [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf Of Thomas
> > Richards
> > Sent: Sunday, April 22, 2012 8:09 AM
> > To: full-disclosure@xxxxxxxxxxxxxxxxx
> > Subject: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
> >
> > # Exploit Title: phpMyBible 0.5.1 Multiple XSS
> > # Date: 04/15/12
> > # Author: G13
> > # Twitter: @g13net
> > # Software: http://sourceforge.net/projects/phpmybible/?source=directory
> > # Version: 0.5.1
> > # Category: webapps (php)
> > #
> >
> > ##### Description #####
> >
> > phpMyBible is an online collaborative project to make an e-book of the Holy
> > Bible in as many languages as possible. phpMyBible is designed to be
> > flexible to all readers while maintaining the authenticity and originality
> > of the Holy Bible scripture.
> >
> > ##### Vulnerability #####
> >
> > phpMyBible has multiple XSS vulnerabilities.
> >
> > When reading a section of the Bible, both the 'version' and 'chapter'
> > variables are prone to reflective XSS.
> >
> > ##### Exploit #####
> >
> > http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
> >
> > ##### Vendor Notification #####
> >
> > 04/15/12 - Vendor Notified
> > 04/22/12 - No response, disclos
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
> >
>
--
- (2^(N-1))
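The advisory quoted in this thread only gives the URL shape (index.php?book=..&version=..&chapter=..) and names 'version' and 'chapter' as reflected. The following is an added example, not code from the advisory, the thread or the phpMyBible project: a canary-based probe that tells a parameter reflected unencoded (reflected XSS) apart from one that is reflected through an HTML escaper or not reflected at all. The two page renderers, the BOOKS table and the book-as-lookup-key behaviour are constructed stand-ins for index.php, since the project's source is not on the page.

```python
"""Canary probe for reflected XSS in GET parameters.

Added example, not phpMyBible's own code.  The advisory only gives the
URL shape (index.php?book=..&version=..&chapter=..) and names 'version'
and 'chapter' as reflected; the two page renderers below are constructed
stand-ins for index.php, not the project's source.
"""
import html
import secrets
from typing import Callable, Dict, List
from urllib.parse import urlencode

Renderer = Callable[[Dict[str, str]], str]

# Constructed book table so the stand-in can treat 'book' as a lookup key
# (the advisory does not list 'book' as affected).
BOOKS = {"1": "Genesis", "2": "Exodus"}


def make_canary() -> str:
    """Unique token wrapped in characters that must be encoded in HTML.
    If it comes back verbatim, the parameter is reflected unencoded."""
    return f'"><x{secrets.token_hex(4)}>'


def classify_reflection(body: str, canary: str) -> str:
    """'raw' = reflected unencoded (reflected XSS), 'encoded' = reflected
    through an HTML escaper, 'absent' = not reflected at all."""
    if canary in body:
        return "raw"
    if html.escape(canary, quote=True) in body:
        return "encoded"
    return "absent"


def find_reflected_params(render: Renderer, base: Dict[str, str],
                          candidates: List[str]) -> Dict[str, str]:
    """Probe one parameter at a time so each result is attributable."""
    results = {}
    for name in candidates:
        canary = make_canary()
        results[name] = classify_reflection(render({**base, name: canary}), canary)
    return results


def build_probe_url(base_url: str, params: Dict[str, str]) -> str:
    """URL-encode the probe so the canary survives the request intact."""
    return f"{base_url}?{urlencode(params)}"


def http_renderer(base_url: str) -> Renderer:
    """Renderer that fetches a live page; not exercised in the offline demo."""
    from urllib.request import urlopen

    def render(params: Dict[str, str]) -> str:
        with urlopen(build_probe_url(base_url, params), timeout=10) as resp:
            charset = resp.headers.get_content_charset() or "utf-8"
            return resp.read().decode(charset, "replace")
    return render


def vulnerable_index(params: Dict[str, str]) -> str:
    """Constructed stand-in for the reported behaviour: version and chapter
    are echoed into the HTML without output encoding."""
    book = BOOKS.get(params.get("book", ""), "Unknown book")
    return (
        "<html><body>"
        f"<h1>{book}, chapter {params.get('chapter', '')}</h1>"
        f"<p>Version: {params.get('version', '')}</p>"
        "</body></html>"
    )


def hardened_index(params: Dict[str, str]) -> str:
    """Same page with every reflected value HTML-escaped at the output
    point (the equivalent of PHP's htmlspecialchars with ENT_QUOTES)."""
    book = BOOKS.get(params.get("book", ""), "Unknown book")
    chapter = html.escape(params.get("chapter", ""), quote=True)
    version = html.escape(params.get("version", ""), quote=True)
    return (
        "<html><body>"
        f"<h1>{book}, chapter {chapter}</h1>"
        f"<p>Version: {version}</p>"
        "</body></html>"
    )


if __name__ == "__main__":
    base = {"book": "1"}
    candidates = ["book", "version", "chapter"]
    print("vulnerable:", find_reflected_params(vulnerable_index, base, candidates))
    print("hardened:  ", find_reflected_params(hardened_index, base, candidates))
    # Against a real install, pass http_renderer("http://host/index.php") instead.
    print(build_probe_url("http://localhost/index.php", {**base, "version": make_canary()}))
```

The probe sends one canary per parameter rather than the advisory's `[XSS]` in both at once, so a hit is attributable to a single parameter, and it distinguishes an escaped reflection (safe in an HTML text or attribute context) from a raw one. Against a live install, replace the stand-in renderer with `http_renderer(...)`, and keep in mind that a hit in `classify_reflection` shows the value lands in HTML unencoded; the working payload still depends on the exact context (tag body, quoted attribute, script block) the value lands in.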