List: full-disclosure
Subject: Re: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
From: "Martin Allert" <allert () arago ! de>
Date: 2012-04-26 9:04:18
Message-ID: 3D8319546A29FE45BFB726EC435C5F8506109609 () exchange1 ! arago ! de
Just let go (Buddha) :)
SCNR :)
--
Martin Allert
arago Institut für komplexes Datenmanagement AG
Eschersheimer Landstraße 526 - 532
60433 Frankfurt am Main
eMail: allert@arago.de - www: http://www.arago.de
Tel: +49-69-40568-403
Fax: +49-69-40568-111
--
Bank details: Frankfurter Sparkasse, bank code (BLZ): 500 502 01, account no.: 79343
Executive board: Hans-Christian Boos, Martin Friedrich
Chairman of the supervisory board: Dr. Bernhard Walther
Registered office: Kronberg im Taunus · HRB 5731 · Register court: Königstein i.Ts
VAT ID DE 178572359 · Tax number 2603 003 228 43435
Follow us here: automatisierungs-experten.de -- www.hcboos.net -- facebook.com/aragoAutomationExperts -- twitter.com/arago_AG -- xing.com/companies/aragoag -- linkedin.com/company/arago-ag -- slideshare.net/Arago.AG -- youtube.com/aragoag -- flickr.com/aragoag
-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of Thomas Richards
Sent: Sunday, 22 April 2012 17:09
To: full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
# Exploit Title: phpMyBible 0.5.1 Multiple XSS
# Date: 04/15/12
# Author: G13
# Twitter: @g13net
# Software: http://sourceforge.net/projects/phpmybible/?source=directory
# Version: 0.5.1
# Category: webapps (php)
#
##### Description #####
phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as many languages as possible. phpMyBible is designed to be flexible for all readers while maintaining the authenticity and originality of the Holy Bible scripture.
##### Vulnerability #####
phpMyBible has multiple XSS vulnerabilities.
When reading a section of the Bible, both the 'version' and 'chapter' variables are prone to reflective XSS.
##### Exploit #####
http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
##### Vendor Notification #####
04/15/12 - Vendor Notified
04/22/12 - No response, disclos
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
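The advisory above reports that the 'version' and 'chapter' query parameters are reflected into the page unencoded. The following PHP is an added illustration written for this archive page, not phpMyBible's own code: it shows the vulnerable pattern beside a hardened form that validates both parameters before use and HTML-encodes at output. The parameter names come from the advisory; the allow-list of version identifiers, the chapter range, the request values and the function names are assumptions.

```php
<?php
// Added example, not code from phpMyBible or from the advisory's author.
// Demonstrates the reflected-XSS pattern described in the advisory (GET
// parameters 'version' and 'chapter' echoed into HTML) and one hardened form.

// Constructed request, not a real capture: what index.php might receive.
$request = [
    'book'    => '1',
    'version' => '<script>alert(1)</script>',
    'chapter' => '3',
];

// VULNERABLE pattern: untrusted query values are interpolated straight into
// the HTML response, so any markup in them reaches the browser as markup.
function render_vulnerable(array $get): string
{
    $version = $get['version'] ?? '';
    $chapter = $get['chapter'] ?? '';
    return "<h2>Version: $version, Chapter: $chapter</h2>";
}

// Assumed allow-list of translation identifiers the application knows about.
const KNOWN_VERSIONS = ['kjv', 'asv', 'web'];

// HARDENED pattern: validate each parameter against what it is allowed to be,
// fall back to a safe default instead of echoing the input, and HTML-encode
// at the point of output regardless (defence in depth).
function render_hardened(array $get): string
{
    $version = $get['version'] ?? '';
    if (!in_array($version, KNOWN_VERSIONS, true)) {
        $version = KNOWN_VERSIONS[0];
    }

    // filter_var returns false for anything that is not a whole number in range;
    // 150 is an assumed upper bound for the demonstration.
    $chapter = filter_var(
        $get['chapter'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1, 'max_range' => 150]]
    );
    if ($chapter === false) {
        $chapter = 1;
    }

    // Encode quotes and angle brackets so the value can only ever be text.
    $safeVersion = htmlspecialchars($version, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Version: $safeVersion, Chapter: $chapter</h2>";
}

// Render the same constructed request both ways for comparison.
echo render_vulnerable($request), PHP_EOL;
echo render_hardened($request), PHP_EOL;
```

Run with `php example.php` to compare the two renderings. The allow-list is the primary control here because 'version' is an identifier with a small known set of valid values; the output encoding remains in place so that a later change to the allow-list (for example, loading it from a database) cannot reintroduce the reflection.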