Bugtraq mailing list archives

[ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability


From: Ahmet Sabri ALPER <s_alper () hotmail com>
Date: 6 Jun 2002 14:09:44 -0000



+/--------\-------- ALPER Research Labs ------/--------/+
+/---------\-------  Security Advisory  -----/---------/+
+/----------\------    ID: ARL02-A12    ----/----------/+
+/-----------\----- salper () olympos org  ---/-----------/+


Advisory Information
--------------------
Name               : php(Reactor) Cross Site Scripting Vulnerability
Software Package   : php(Reactor)
Vendor Homepage    : http://phpreactor.org/
Vulnerable Versions: v1.2.7 and older
Platforms          : OS Independent, PHP
Vulnerability Type : Input Validation Error
Vendor Contacted   : 15/05/2002
Vendor Replied     : 15/05/2002
Prior Problems     : N/A
Current Version    : v1.2.7pl1 (immune)


Summary
-------
php(Reactor) is a set of integrated applications
focusing on user interaction. Included are articles,
content management, bbs/forums, polls, ecards, and
chat events. Administration is quick and easy with
a browser-based control panel.

A Cross Site Scripting vulnerability exists in
php(Reactor). This would allow a remote attacker
to send information to victims from untrusted web
servers, and make it look as if the information
came from the legitimate server.


Details
-------
browse.php in the "comments" section does not filter the
user-supplied $go variable, so any user may craft a malicious
link that gains information about users and may even capture
the administrator's login information.

Here's the proof-of-concept link example:
http://[target]/comments/browse.php?fid=2&tid=4&go=<script>alert(document.cookie)</script>

Note that the $fid and $tid variables should be integers.
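The pattern the advisory describes, shown as an added example that is not php(Reactor)'s code: a request parameter reflected into HTML unencoded, beside a hardened version that casts $fid/$tid to integers and encodes $go. The function names and the exact way browse.php builds its output are assumptions for illustration.

```php
<?php
// Added example, not php(Reactor)'s source. Names are hypothetical.

// Vulnerable pattern: $go is echoed verbatim into the page, so markup
// placed in the URL (as in the advisory's PoC link) reaches the browser.
function render_nav_vulnerable(array $get): string
{
    $go = $get['go'] ?? '';
    return '<a href="browse.php?go=' . $go . '">' . $go . '</a>';
}

// Hardened: integer parameters are cast, free text is HTML-encoded
// where it lands in the document body and URL-encoded where it lands
// in the query string.
function render_nav_fixed(array $get): string
{
    $fid = (int)($get['fid'] ?? 0);   // advisory: fid/tid should be integers
    $tid = (int)($get['tid'] ?? 0);
    $go  = (string)($get['go'] ?? '');

    $href = sprintf('browse.php?fid=%d&tid=%d&go=%s',
        $fid, $tid, rawurlencode($go));

    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
        . htmlspecialchars($go, ENT_QUOTES, 'UTF-8') . '</a>';
}

// Constructed input mirroring the advisory's proof-of-concept request.
$request = [
    'fid' => '2',
    'tid' => '4',
    'go'  => '<script>alert(document.cookie)</script>',
];

echo render_nav_vulnerable($request), PHP_EOL; // <script> tag survives intact
echo render_nav_fixed($request), PHP_EOL;      // &lt;script&gt;... rendered as text
```

Running both functions on the same constructed request shows the difference the fix makes: the first output contains a live script element, the second only escaped text that the browser displays but does not execute.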


Solution
--------
The vendor replied quickly, and has released a new version
on 28/05/2002, which can be downloaded at
http://sourceforge.net/project/showfiles.php?group_id=12105&release_id=91877


Credits
-------
Discovered on 15, May, 2002 by
Ahmet Sabri ALPER <salper () olympos org>
ALPER Research Labs.


References
----------
Product Web Page: http://www.phpreactor.org/

