On Sun, Apr 22, 2012 at 08:56:23PM -0700, BMF wrote:
> Ezekiel 23:20
>
> On Sun, Apr 22, 2012 at 12:59 PM, Thor (Hammer of God)
> <t...@hammerofgod.com> wrote:
> > You dropped a FD on the BIBLE?? Dude, you're going straight to Hacker
> > Hell! :)

Who is going to work for Microsoft ?

> > Timothy "Thor" Mullen
> > www.hammerofgod.com
> > Thor's Microsoft Security Bible
> >
> > -----Original Message-----
> > From: full-disclosure-boun...@lists.grok.org.uk
> > [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Thomas
> > Richards
> > Sent: Sunday, April 22, 2012 8:09 AM
> > To: full-disclosure@lists.grok.org.uk
> > Subject: [Full-disclosure] phpMyBible 0.5.1 Multiple XSS
> >
> > # Exploit Title: phpMyBible 0.5.1 Multiple XSS
> > # Date: 04/15/12
> > # Author: G13
> > # Twitter: @g13net
> > # Software: http://sourceforge.net/projects/phpmybible/?source=directory
> > # Version: 0.5.1
> > # Category: webapps (php)
> > #
> >
> > ##### Description #####
> >
> > phpMyBible is an online collaborative project to make an e-book of the Holy
> > Bible in as many languages as possible. phpMyBible is designed to be
> > flexible to all readers while maintaining the authenticity and originality
> > of the Holy Bible scripture.
> >
> > ##### Vulnerability #####
> >
> > phpMyBible has multiple XSS vulnerabilities.
> >
> > When reading a section of the Bible, both the 'version' and 'chapter'
> > variables are prone to reflective XSS.
> >
> > ##### Exploit #####
> >
> > http://localhost/index.php?book=1&version=[XSS]&chapter=[XSS]
> >
> > ##### Vendor Notification #####
> >
> > 04/15/12 - Vendor Notified
> > 04/22/12 - No response, disclos
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/

--
- (2^(N-1))
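The advisory quoted above reports that the 'version' and 'chapter' request parameters are reflected into the page unencoded. The following is an added example, not phpMyBible's own code and not from the advisory's author: a hypothetical page-heading handler written the vulnerable way beside a hardened version that validates each parameter against its expected type or an allowlist and HTML-encodes whatever is echoed. The function names, the version-code list, and the constructed request are all assumptions for illustration.

```php
<?php
// Added example (not phpMyBible's code). Shows the reflected-XSS pattern
// the advisory describes and one way to close it. All names are assumed.

declare(strict_types=1);

// Vulnerable pattern: request parameters are interpolated straight into
// markup, so any tags supplied in the URL become part of the page.
function render_heading_vulnerable(array $query): string
{
    $version = $query['version'] ?? '';
    $chapter = $query['chapter'] ?? '';
    return "<h2>Version: $version, Chapter: $chapter</h2>";
}

// Assumed list of translation codes the application actually knows about.
const KNOWN_VERSIONS = ['KJV', 'ASV', 'WEB'];

// Hardened pattern:
//  1. 'version' must be one of the known codes (allowlist), else a safe default;
//  2. 'chapter' must be a positive integer, else a safe default;
//  3. everything reflected is passed through htmlspecialchars() with
//     ENT_QUOTES so it is inert inside both text and attribute contexts.
function render_heading_hardened(array $query): string
{
    $version = $query['version'] ?? '';
    if (!in_array($version, KNOWN_VERSIONS, true)) {
        $version = 'unknown';
    }

    $chapter = filter_var(
        $query['chapter'] ?? '',
        FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]
    );
    if ($chapter === false) {
        $chapter = 1;
    }

    $h = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');

    return '<h2>Version: ' . $h($version) . ', Chapter: ' . $h((string) $chapter) . '</h2>';
}

// Constructed request in the shape of the advisory's URL, with markup in
// place of the [XSS] placeholders.
$query = [
    'book'    => '1',
    'version' => '<b>injected</b>',
    'chapter' => '"><i>injected</i>',
];

echo render_heading_vulnerable($query), PHP_EOL;
// <h2>Version: <b>injected</b>, Chapter: "><i>injected</i></h2>  (tags rendered by the browser)

echo render_heading_hardened($query), PHP_EOL;
// <h2>Version: unknown, Chapter: 1</h2>  (neither value survived validation)

// Even if a value does pass validation, encoding is still applied, so a
// known version code containing no markup is the only thing that reaches the page.
echo render_heading_hardened(['version' => 'KJV', 'chapter' => '23']), PHP_EOL;
// <h2>Version: KJV, Chapter: 23</h2>
```

The two controls are deliberately independent: allowlisting and integer validation reject unexpected input at the edge, while output encoding guarantees that whatever does get reflected cannot change the document structure. Relying on only one of them is what typically leaves parameters like these exposed.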