by r0t,der4444,cembo,VietMafia

Thursday, December 01, 2005

Free ClickBank Search Engine SQL inj. vuln.

Vuln. discovered by: r0t
Date: 1 Dec. 2005
Affected version: 1.0 and prior

Product Description:

Free PHP/MySQL script allows you to add the thousands of products from the Clickbank® Marketplace directory to your website with your affiliate nickname. This will allow you to earn up to 75% commission per sale on each and every one. Feel free to download and use this script on any website.

Vuln. Description:

Input passed to the "keywords" parameter in "search.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Solution:

Edit the source code to ensure that input is properly sanitised.
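One way to apply this fix, as an added example that is not the product's code: the keyword is bound as a query parameter instead of being concatenated into the SQL, and LIKE wildcards in it are escaped. The `products` table, its columns and both function names are assumptions, and an in-memory SQLite database stands in for MySQL so the block runs offline.

```php
<?php
// Added example. Hypothetical schema: the product's real tables are not shown on the page.
function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');   // stand-in for MySQL so the example runs offline
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT, description TEXT)');
    $ins = $db->prepare('INSERT INTO products (title, description) VALUES (?, ?)');
    // Constructed sample rows.
    $rows = [
        ['Golf Swing Guide', 'Improve your drive'],
        ["Dog Owner's Handbook", 'Training basics'],
        ['100% Cotton Crafts', 'Sewing patterns'],
    ];
    foreach ($rows as $row) {
        $ins->execute($row);
    }
    return $db;
}

// $keywords is untyped on purpose: request parameters can arrive as arrays.
function search_products(PDO $db, $keywords): array
{
    if (!is_string($keywords)) {
        return [];
    }
    $keywords = trim($keywords);
    if ($keywords === '' || strlen($keywords) > 100) {
        return [];
    }
    // Escape LIKE wildcards so '%' and '_' in user input match literally.
    $escaped = str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $keywords);
    $pattern = '%' . $escaped . '%';
    // The SQL text is constant; user input only ever travels as a bound value.
    $stmt = $db->prepare(
        "SELECT title FROM products
         WHERE title LIKE ? ESCAPE '!' OR description LIKE ? ESCAPE '!'
         ORDER BY id"
    );
    $stmt->execute([$pattern, $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = open_demo_db();
// Constructed inputs: a plain word, a quote, LIKE wildcards, and a non-string value.
foreach (['golf', "Owner's", '100%', '_', ['x']] as $kw) {
    echo json_encode($kw), ' => ', json_encode(search_products($db, $kw)), "\n";
}
```

Against MySQL the same function works with a `mysql:` DSN; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements.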



Copyright (c) 2006 Pridels Sec Crew