Free ClickBank Search Engine SQL inj. vuln.
Vuln. discovered by: r0t
Date: 1 Dec. 2005
Vendor: http://phpfreebies.com/free-clickbank-search-engine-script.php
Affected version: 1.0 and prior
Product Description:
Free PHP/MySQL script allows you to add the thousands of products from the Clickbank® Marketplace directory to your website with your affiliate nickname. This will allow you to earn up to 75% commission per sale on each and every one. Feel free to download and use this script on any website.
Vuln. Description:
Input passed to the "keywords" parameter in "search.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Example:
/search.php?keywords=[SQL]
Solution:
Edit the source code to ensure that input is properly sanitised.
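
One way to apply this fix, shown as an added example rather than the vendor's code: the keyword is bound as a parameter of a prepared statement and LIKE wildcards are escaped, so the input is only ever treated as data. The products table, its columns and the function names are assumptions, and an in-memory SQLite database with constructed rows stands in for the script's MySQL database.

```php
<?php
declare(strict_types=1);
// Added example: hypothetical table/column and function names, not the vendor's code.

// Escape LIKE wildcards so the keyword is matched literally ('!' is the escape character).
function escapeLike(string $term): string
{
    return strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

// Search by keyword with a bound parameter instead of building the query by concatenation.
function searchProducts(PDO $db, string $keywords): array
{
    $keywords = trim($keywords);
    if ($keywords === '' || strlen($keywords) > 100) {
        return [];                        // reject empty or oversized input
    }
    $stmt = $db->prepare(
        "SELECT id, title FROM products
         WHERE title LIKE :kw ESCAPE '!'
         ORDER BY id"
    );
    $stmt->bindValue(':kw', '%' . escapeLike($keywords) . '%', PDO::PARAM_STR);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed demo data in an in-memory SQLite database; with MySQL only the
// PDO DSN and credentials differ.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, title TEXT)");
$ins = $db->prepare("INSERT INTO products (title) VALUES (?)");
foreach (["Guitar lessons", "O'Brien's golf tips", "100% organic gardening", "1000 recipes"] as $t) {
    $ins->execute([$t]);
}

// In search.php the value would come from $_GET['keywords']; these are constructed inputs.
foreach (["golf", "O'Brien", "100%", "%"] as $kw) {
    $titles = array_column(searchProducts($db, $kw), 'title');
    printf("%-10s => %s\n", $kw, json_encode($titles));
}
```

The quote in "O'Brien" and the percent sign in "100%" reach the database as literal characters, so neither changes the structure of the query nor widens the match.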
