Re: phpMyBible 0.5.1 Mutiple XSS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,
This is a discontinued product from 2007
also we can do a simple patch to all variables here:

####### Vulnerable code ############
$book = $_REQUEST['book'];
$chapter = $_REQUEST['chapter'];
$version = $_REQUEST['version'];
$curl = $_SERVER['REQUEST_URI'];
$searchword = $_REQUEST['searchword'];
#################################

######### Patch here ############
$book = intval($_REQUEST['book']);
$chapter = intval($_REQUEST['chapter']);
$version = htmlspecialchars($_REQUEST['version']);
$curl = $_SERVER['REQUEST_URI'];
$searchword = htmlspecialchars($_REQUEST['searchword']);
##################################

Thnx For your time !!
-- 
atentamente:
Lostmon (lostmon@xxxxxxxxx)
Web-Blog: http://lostmon.blogspot.com/
Google group: http://groups.google.com/group/lostmon
--
La curiosidad es lo que hace mover la mente....


[Index of Archives]     [Linux Security]     [Netfilter]     [PHP]     [Yosemite News]     [Linux Kernel]

  Powered by Linux