
List:       full-disclosure
Subject:    Re: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS
From:       "Martin Allert" <allert () arago ! de>
Date:       2012-04-26 9:04:18
Message-ID: 3D8319546A29FE45BFB726EC435C5F8506109609 () exchange1 ! arago ! de

Just let go (Buddha) :)

SCNR :)


--

Martin Allert

arago Institut für komplexes Datenmanagement AG

Eschersheimer Landstraße 526 - 532                         
60433 Frankfurt am Main
 
eMail: allert@arago.de - www: http://www.arago.de
Tel: +49-69-40568-403
Fax: +49-69-40568-111
--
Bank details: Frankfurter Sparkasse, BLZ: 500 502 01, Kto.-Nr.: 79343
Executive Board: Hans-Christian Boos, Martin Friedrich
Chairman of the Supervisory Board: Dr. Bernhard Walther
Registered office: Kronberg im Taunus · HRB 5731 · Court of registration: Königstein i.Ts
VAT ID DE 178572359 · Tax number 2603 003 228 43435

Follow us here: automatisierungs-experten.de -- www.hcboos.net -- facebook.com/aragoAutomationExperts -- twitter.com/arago_AG -- xing.com/companies/aragoag -- linkedin.com/company/arago-ag -- slideshare.net/Arago.AG -- youtube.com/aragoag -- flickr.com/aragoag


-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On behalf of Thomas Richards
Sent: Sunday, 22 April 2012 17:09
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] phpMyBible 0.5.1 Mutiple XSS

# Exploit Title: phpMyBible 0.5.1 Mutiple XSS
# Date: 04/15/12
# Author: G13
# Twitter: @g13net
# Software http://sourceforge.net/projects/phpmybible/?source=directory
# Version: 0.5.1
# Category: webapps (php)
#

##### Description #####

phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as many
languages as possible. phpMyBible is designed to be flexible to all readers while maintaining
the authenticity and originality of the Holy Bible scripture.

##### Vulnerability #####

phpMyBible has multiple XSS vulnerabilities.

When reading a section of the Bible, both the 'version' and 'chapter'
variables are prone to reflective XSS.

##### Exploit #####

http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]

##### Vendor Notification #####

04/15/12 - Vendor Notified
04/22/12 - No response, disclos

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
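
An added example, not part of the thread and not phpMyBible's own code: one way a PHP page can handle the 'book', 'version' and 'chapter' query parameters named in the advisory so that nothing from the request reaches the HTML unvalidated or unencoded. The function names, the value ranges and the 'version' pattern are assumptions, since the advisory does not show the application's source or say what values it expects.

```php
<?php
// Added example: hypothetical request handling, not phpMyBible's own code.

/** Encode a value for an HTML text node or a quoted attribute. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Validate the three query parameters named in the advisory.
 * Assumption: book and chapter are positive integers and version is a short
 * identifier. Returns the cleaned values, or null if any one is malformed.
 */
function parse_reading_request(array $query): ?array
{
    $intOpts = ['options' => ['min_range' => 1, 'max_range' => 1000]];
    // filter_var() returns false for missing values, arrays and non-integers.
    $book    = filter_var($query['book'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $chapter = filter_var($query['chapter'] ?? null, FILTER_VALIDATE_INT, $intOpts);
    $version = $query['version'] ?? null;

    if ($book === false || $chapter === false) {
        return null;
    }
    if (!is_string($version) || preg_match('/\A[A-Za-z0-9_-]{1,32}\z/', $version) !== 1) {
        return null;
    }
    return ['book' => $book, 'version' => $version, 'chapter' => $chapter];
}

/** Build the page heading; rejected requests echo nothing from the input. */
function render_heading(array $query): string
{
    $req = parse_reading_request($query);
    if ($req === null) {
        return '<p>Invalid request.</p>';
    }
    // Encode at output as well, so a later loosening of the validation
    // rules does not reintroduce reflection of raw markup.
    return sprintf('<h1>Book %d, chapter %d (%s)</h1>',
        $req['book'], $req['chapter'], h($req['version']));
}

// Constructed sample requests: one well-formed, two malformed.
$samples = [
    ['book' => '1', 'version' => 'kjv',        'chapter' => '3'],
    ['book' => '1', 'version' => '"><i>x</i>', 'chapter' => '3'],
    ['book' => '1', 'version' => 'kjv',        'chapter' => ['3']],
];
foreach ($samples as $q) {
    echo render_heading($q), PHP_EOL;
}
```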


