BugTraq
Back to list
|
Post reply
planetSearch+ - XSS Vulnerabilities
Apr 13 2006 06:52PM
d4igoro gmail com
planetSearch+ - XSS Vulnerabilities
--------------------------------------------------------
Software: planetSearch+
Version: 26.10.2005
Type: Cross Site Scripting Vulnerability
Date: Apr 13 20:44:54 CEST 2006
Vendor: PlaNet Concept e.K.
Page: http://www.planetc.de
Risc: Low
credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/
Greetz: kara & hm
vulnerability:
----------------------------
http://[target]/planetsearchplus.php?search_exp=[XSS]
solution:
----------------------------
planetsearchplus.php
fix $search_exp
notes:
----------------------------
The vendor has been informed.
googledork:
----------------------------
intitle:"planetSearch+"
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
--------------------------------------------------------
Software: planetSearch+
Version: 26.10.2005
Type: Cross Site Scripting Vulnerability
Date: Apr 13 20:44:54 CEST 2006
Vendor: PlaNet Concept e.K.
Page: http://www.planetc.de
Risc: Low
credits:
----------------------------
d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/
Greetz: kara & hm
vulnerability:
----------------------------
http://[target]/planetsearchplus.php?search_exp=[XSS]
solution:
----------------------------
planetsearchplus.php
fix $search_exp
notes:
----------------------------
The vendor has been informed.
googledork:
----------------------------
intitle:"planetSearch+"
[ reply ]