[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 23 Apr 2012 19:07:53 GMT
From: Lostmon@...il.com
To: bugtraq@...urityfocus.com
Subject: Re: phpMyBible 0.5.1 Mutiple XSS
Hi,
This is a discontinued product from 2007
also we can do a simple patch to all variables here:
####### Vulnerable code ############
$book = $_REQUEST['book'];
$chapter = $_REQUEST['chapter'];
$version = $_REQUEST['version'];
$curl = $_SERVER['REQUEST_URI'];
$searchword = $_REQUEST['searchword'];
#################################
######### Patch here ############
$book = intval($_REQUEST['book']);
$chapter = intval($_REQUEST['chapter']);
$version = htmlspecialchars($_REQUEST['version']);
$curl = $_SERVER['REQUEST_URI'];
$searchword = htmlspecialchars($_REQUEST['searchword']);
##################################
Thnx For your time !!
--
atentamente:
Lostmon (lostmon@...il.com)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon
--
La curiosidad es lo que hace mover la mente....
Powered by blists - more mailing lists