[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

planetSearch+ - XSS Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: planetSearch+ - XSS Vulnerabilities
From: d4igoro@xxxxxxxxx
Date: 13 Apr 2006 18:52:29 -0000

planetSearch+ - XSS Vulnerabilities
--------------------------------------------------------
Software: planetSearch+
Version: 26.10.2005
Type: Cross Site Scripting Vulnerability
Date: Apr 13 20:44:54 CEST 2006
Vendor: PlaNet Concept e.K.
Page: http://www.planetc.de
Risc: Low

credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/
Greetz: kara & hm

vulnerability:
----------------------------
http://[target]/planetsearchplus.php?search_exp=[XSS]

solution:
----------------------------
planetsearchplus.php
fix $search_exp

notes:
----------------------------
The vendor has been informed.

googledork:
----------------------------
intitle:"planetSearch+"

Prev by Date: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
Next by Date: Re: [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion
Previous by thread: RE: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
Next by thread: Re: [ECHO_ADV_27$2006] Indexu <= 5.0.1 Remote File Inclusion
Index(es):
- Date
- Thread