Bugtraq: [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability

From: Ahmet Sabri ALPER <s_alper_at_hotmail.com>
Date: 6 Jun 2002 14:09:44 -0000
+/--------\-------- ALPER Research Labs ------/--------/+
+/---------\------- Security Advisory -----/---------/+
+/----------\------ ID: ARL02-A12 ----/----------/+
+/-----------\----- salper_at_olympos.org ---/-----------/+


Advisory Information
--------------------
Name : php(Reactor) Cross Site Scripting Vulnerability
Software Package : php(Reactor)
Vendor Homepage : http://phpreactor.org/
Vulnerable Versions: v1.2.7 and older
Platforms : OS Independent, PHP
Vulnerability Type : Input Validation Error
Vendor Contacted : 15/05/2002
Vendor Replied : 15/05/2002
Prior Problems : N/A
Current Version : v1.2.7pl1 (immune)


Summary
-------
php(Reactor) is a set of integrated applications
focusing on user interaction. Included are articles,
content management, bbs/forums, polls, ecards, and
chat events. Administration is quick and easy with
a browser-based control panel.

A Cross Site Scripting vulnerability exists in
php(Reactor). This would allow a remote attacker
to send information to victims from untrusted web
servers, and make it look as if the information
came from the legitimate server.


Details
-------
The "browse.php" script in the "comments" section does not
filter user input for the $go variable. Any user may
therefore craft a malicious link to gain information about
users, and may even obtain the login information of the
administrator.

Here is a proof-of-concept link:
http://[target]/comments/browse.php?fid=2&tid=4&go=<script>alert(document.cookie)</script>

Note that the $fid and $tid variables should be integers.


Solution
--------
The vendor replied quickly, and has released a new version
on 28/05/2002, which can be downloaded at
http://sourceforge.net/project/showfiles.php?group_id=12105&release_id=91877


Credits
-------
Discovered on 15 May 2002 by
Ahmet Sabri ALPER <salper_at_olympos.org>
ALPER Research Labs.


References
----------
Product Web Page: http://www.phpreactor.org/
Received on Jun 06 2002
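
The input handling the Details section says is missing, sketched as an added example that is not part of the advisory and not php(Reactor)'s code or the vendor's actual fix. The function names, the rendered markup and the treatment of "go" as free text are assumptions; the parameter names fid, tid and go come from the advisory.

```php
<?php
// Added illustration: hypothetical handler, not php(Reactor) source code.

/** Return a positive integer id, or null if the raw value is not one. */
function int_param(array $query, string $name): ?int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

/** Encode untrusted text for an HTML body or quoted-attribute context. */
function html(string $text): string
{
    return htmlspecialchars($text, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the page fragment that reflects the request parameters. */
function render_browse(array $query): string
{
    // The advisory notes that fid and tid should be integers: enforce it.
    $fid = int_param($query, 'fid');
    $tid = int_param($query, 'tid');
    if ($fid === null || $tid === null) {
        return '<p>Invalid forum or thread id.</p>';
    }
    // 'go' is treated as free text here (assumption); arrays are rejected.
    $go = is_string($query['go'] ?? null) ? $query['go'] : '';

    // Vulnerable pattern: writing $go into the page verbatim.
    // Hardened: URL-encode it inside links, HTML-encode it at output.
    $href = 'browse.php?' . http_build_query(
        ['fid' => $fid, 'tid' => $tid, 'go' => $go]);
    return '<a href="' . html($href) . '">' . html($go) . '</a>';
}

// Constructed sample request mirroring the advisory's proof-of-concept.
$sample = ['fid' => '2', 'tid' => '4',
           'go' => '<script>alert(document.cookie)</script>'];
echo render_browse($sample), "\n";
```

With the sample request, the markup in "go" reaches the browser as inert text and a percent-encoded query value instead of an executable script element.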