Date: Thu, 26 Apr 2012 11:04:18 +0200
From: "Martin Allert" <allert@...go.de>
To: "Thomas Richards" <g13net@...il.com>, <full-disclosure@...ts.grok.org.uk>
Cc: Martin Allert <allert@...go.de>
Subject: Re: phpMyBible 0.5.1 Multiple XSS

Just let go (Buddha) :)

SCNR :)

--
Martin Allert
arago Institut für komplexes Datenmanagement AG
Eschersheimer Landstraße 526 - 532
60433 Frankfurt am Main
eMail: allert@...go.de - www: http://www.arago.de
Tel: +49-69-40568-403
Fax: +49-69-40568-111
--
Bank details: Frankfurter Sparkasse, BLZ: 500 502 01, account no.: 79343
Executive board: Hans-Christian Boos, Martin Friedrich
Chairman of the supervisory board: Dr. Bernhard Walther
Registered office: Kronberg im Taunus · HRB 5731 · Register court: Königstein i.Ts
VAT ID DE 178572359 · Tax number 2603 003 228 43435
Follow us here: automatisierungs-experten.de -- www.hcboos.net -- facebook.com/aragoAutomationExperts -- twitter.com/arago_AG -- xing.com/companies/aragoag -- linkedin.com/company/arago-ag -- slideshare.net/Arago.AG -- youtube.com/aragoag -- flickr.com/aragoag

-----Original Message-----
From: full-disclosure-bounces@...ts.grok.org.uk [mailto:full-disclosure-bounces@...ts.grok.org.uk] On Behalf Of Thomas Richards
Sent: Sunday, 22 April 2012 17:09
To: full-disclosure@...ts.grok.org.uk
Subject: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS

# Exploit Title: phpMyBible 0.5.1 Multiple XSS
# Date: 04/15/12
# Author: G13
# Twitter: @g13net
# Software: http://sourceforge.net/projects/phpmybible/?source=directory
# Version: 0.5.1
# Category: webapps (php)
#

##### Description #####

phpMyBible is an online collaborative project to make an e-book of the Holy Bible in as many languages as possible. phpMyBible is designed to be flexible to all readers while maintaining the authenticity and originality of the Holy Bible scripture.

##### Vulnerability #####

phpMyBible has multiple XSS vulnerabilities.
When reading a section of the Bible, both the 'version' and 'chapter' variables are prone to reflective XSS.

##### Exploit #####

http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]

##### Vendor Notification #####

04/15/12 - Vendor Notified
04/22/12 - No response, disclos

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
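Added illustration, not code from phpMyBible or from either poster: the advisory says the 'version' and 'chapter' values of index.php are reflected into the page, so the fix is to accept only the shape each parameter needs and to HTML-escape whatever is echoed. Written in Python rather than the application's PHP; the accepted ranges, the version-tag format and the sample log lines are assumptions made here.

```python
import html
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

# Assumed shapes for the index.php parameters named in the advisory:
# book and chapter are small positive integers, version is a short
# alphanumeric translation tag. Anything else is refused outright.
VERSION_RE = re.compile(r"^[A-Za-z0-9_-]{1,16}$")


def validate_reader_params(url: str) -> Optional[dict]:
    """Return typed book/version/chapter for a reader URL, or None when
    any parameter falls outside its expected shape."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    try:
        book = int(query.get("book", [""])[0])
        chapter = int(query.get("chapter", [""])[0])
    except ValueError:
        return None  # non-numeric chapter: exactly the reflected vector
    if not (1 <= book <= 66 and 1 <= chapter <= 200):
        return None
    version = query.get("version", [""])[0]
    if not VERSION_RE.match(version):
        return None  # markup characters in version are rejected here
    return {"book": book, "version": version, "chapter": chapter}


def render_title(params: dict) -> str:
    """Output encoding as the second layer: validated values are still
    escaped, so loosening VERSION_RE later cannot reintroduce the bug."""
    return "<h1>{} {}:{}</h1>".format(
        html.escape(params["version"], quote=True),
        params["book"], params["chapter"])


def detect_probe(log_line: str) -> bool:
    """Flag access-log requests to index.php whose parameters would fail
    validation; cheap signal that someone is testing the reflected inputs."""
    m = re.search(r'"GET (\S+) HTTP', log_line)
    if not m or "index.php" not in m.group(1):
        return False
    return validate_reader_params(m.group(1)) is None


# Constructed sample log lines (not from any real server): one normal
# reader request, one with URL-encoded markup in the version parameter.
SAMPLE_LOG = [
    '10.0.0.5 - - [22/Apr/2012:17:09:00 +0000] "GET /index.php?book=1&version=kjv&chapter=3 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [22/Apr/2012:17:09:04 +0000] "GET /index.php?book=1&version=%3Cb%3Ex&chapter=1 HTTP/1.1" 200 5130',
]
```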