by r0t,der4444,cembo,VietMafia

Thursday, December 01, 2005

Free ClickBank Search Engine SQL inj. vuln.

Vuln. discovered by: r0t
Date: 1 Dec. 2005
Vendor: http://phpfreebies.com/free-clickbank-search-engine-script.php
Affected version: 1.0 and prior


Product Description:

Free PHP/MySQL script allows you to add the thousands of products from the Clickbank® Marketplace directory to your website with your affiliate nickname. This will allow you to earn up to 75% commission per sale on each and every one. Feel free to download and use this script on any website.


Vuln. Description:

Input passed to the "keywords" parameter in "search.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/search.php?keywords=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
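
One way to apply this fix, shown as an added example that is not the script's own code: the function `search_products` and the table and column names (`products`, `title`) are hypothetical, and an in-memory SQLite database with constructed rows stands in for MySQL so the block runs offline.

```php
<?php
// Added example; search_products(), `products` and `title` are hypothetical
// names, not taken from the script's search.php.

// Pattern the advisory describes (request value concatenated into the SQL text):
//   $sql = "SELECT title FROM products WHERE title LIKE '%" . $_GET['keywords'] . "%'";

function search_products(PDO $db, string $keywords): array
{
    // Bound the input and make LIKE metacharacters literal, using '!' as the
    // escape character so the same SQL works on MySQL and SQLite.
    $keywords = substr(trim($keywords), 0, 100);
    $pattern  = '%' . strtr($keywords, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';

    // The value is bound as a parameter and never becomes part of the SQL text.
    $stmt = $db->prepare("SELECT title FROM products WHERE title LIKE :kw ESCAPE '!'");
    $stmt->execute([':kw' => $pattern]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data. With MySQL, open the PDO connection with
// PDO::ATTR_EMULATE_PREPARES => false so the statement is prepared server-side.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE products (title TEXT)");
$db->exec("INSERT INTO products VALUES
    ('Forex guide'), ('100% profit plan'), ('Trader''s handbook')");

// A plain word, a LIKE wildcard, and a quote character are all handled as data.
foreach (["guide", "100%", "Trader's"] as $input) {
    printf("%-10s => %s\n", $input, json_encode(search_products($db, $input)));
}
```

In the real script the call would receive `$_GET['keywords']`; the binding, not the length cap or wildcard escaping, is what keeps the value out of the query structure.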

2 Comments:

Blogger Tech Blogger told...

Hi,
I was searching through Blogger to see if I can find some information on Making Money. I stumbled on your blog, as this was not quite what I was looking for about Making Money. I did however read your blog and found it quite interesting, keep up the good work and hopefully I will visit it again.
Regards,

10:42 AM

 
Anonymous Start told...

Hello,

Just a few words to let you know I am amazed by the attention to detail in your site. I like everything about it and I can't wait to see more. Can you please add me to your email list if you owe one too:)? karlsult@adpost.com

Thanks,
fast money online make

11:54 PM

 


 
Copyright (c) 2006 Pridels Sec Crew