php(Reactor) Cross Site Scripting Vulnerability

by Nikola Strahija on June 6th, 2002

php(Reactor) is a set of integrated applications focusing on user interaction. Included are articles, content management, bbs/forums, polls, ecards, and chat events. Administration is quick and easy with a browser-based control panel. A Cross Site Scripting vulnerability exists in php(Reactor). This would allow a remote attacker to send information to victims from untrusted web servers, and make it look as if the information came from the legitimate server.

The "browse.php" script, in the "comments" section, does not filter user input for the $go variable. So any user may craft a malicious link, and can gain information about users, and may even get the login information of the

Here's the proof-of-concept link example;

Note that the $fid and $tid variables should be integers.
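One way to handle these three parameters defensively, as an added example that is not php(Reactor)'s own code or the vendor's fix. The function names, the sample requests and the assumption that $go is echoed back into the page are hypothetical.

```php
<?php
declare(strict_types=1);
// Added example: a hypothetical handler, not php(Reactor)'s actual browse.php.

/** Return a positive integer id, or null when the parameter is missing or not an integer. */
function int_param(array $query, string $name): ?int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $value === false ? null : $value;
}

/** Escape a value for an HTML text node or a quoted attribute. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Build the link for a comment page from untrusted query parameters. */
function render_comment_link(array $query): string
{
    $fid = int_param($query, 'fid');
    $tid = int_param($query, 'tid');
    if ($fid === null || $tid === null) {
        return '<p>Invalid request.</p>';   // reject instead of trying to repair
    }
    // Assumption: $go is reflected into the page, so it is treated as plain text.
    $go = $query['go'] ?? '';
    if (!is_string($go)) {
        $go = '';                           // go[]=... would arrive as an array
    }
    // URL-encode for the query string, then HTML-escape for the attribute.
    $href = 'browse.php?' . http_build_query(['fid' => $fid, 'tid' => $tid, 'go' => $go]);
    return '<a href="' . h($href) . '">' . h($go) . '</a>';
}

// Constructed sample requests: a normal one, one carrying markup in go,
// and one with a non-integer fid.
$samples = [
    ['fid' => '3', 'tid' => '12', 'go' => 'next'],
    ['fid' => '3', 'tid' => '12', 'go' => '"><b>markup</b>'],
    ['fid' => '3 OR 1', 'tid' => '12', 'go' => 'next'],
];
foreach ($samples as $q) {
    echo render_comment_link($q), PHP_EOL;
}
```

The second sample comes out with its quotes and angle brackets as HTML entities, and the third is rejected before any output is built.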

The vendor replied quickly, and has released a new version
on 28/05/2002, which can be downloaded at

Discovered on 15, May, 2002 by
Ahmet Sabri ALPER
ALPER Research Labs.

Product Web Page:
