Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12242
HistoryApr 15, 2006 - 12:00 a.m.

planetSearch+ - XSS Vulnerabilities

2006-04-1500:00:00
vulners.com
4

planetSearch+ - XSS Vulnerabilities

Software: planetSearch+
Version: 26.10.2005
Type: Cross Site Scripting Vulnerability
Date: Apr 13 20:44:54 CEST 2006
Vendor: PlaNet Concept e.K.
Page: http://www.planetc.de
Risc: Low

credits:

d4igoro - d4igoro[at]gmail[dot]com
http://d4igoro.blogspot.com/
Greetz: kara & hm

vulnerability:

http://[target]/planetsearchplus.php?search_exp=[XSS]

solution:

planetsearchplus.php
fix $search_exp

notes:

The vendor has been informed.

googledork:

intitle:"planetSearch+"