Computer Security
[EN] securityvulns.ru
From: r0t <krustevs_(at)_googlemail.com>
Date: 02.12.2005
Subject: Free ClickBank Search Engine SQL inj. vuln.

Free ClickBank Search Engine SQL inj. vuln.

Vuln. discovered by: r0t
Date: 1 Dec. 2005
Original advisory:
http://pridels.blogspot.com/2005/12/free-clickbank-search-engine-sql-inj.html

Vendor: http://phpfreebies.com/free-clickbank-search-engine-script.php
Affected version: 1.0 and prior


Product Description:

Free PHP/MySQL script allows you to add the thousands of products from
the Clickbank(r) Marketplace directory to your website with your
affiliate nickname. This will allow you to earn up to 75% commission
per sale on each and every one. Feel free to download and use this
script on any website.


Vuln. Description:

Input passed to the "keywords" parameter in "search.php" isn't
properly sanitised before being used in a SQL query. This can be
exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/search.php?keywords=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
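As an added illustration (not the vendor's script, whose source is not reproduced on this page), the constructed search.php fragment below shows the pattern the advisory describes, a request value spliced into the SQL text, next to the parameterised query the solution calls for; the table and column names, connection details and function names are assumptions.

```php
<?php
// Constructed example, not the vendor's code. Placeholder connection details.
$pdo = new PDO('mysql:host=localhost;dbname=clickbank', 'db_user', 'db_pass', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false, // let the server bind the value
]);

// The "keywords" parameter named in the advisory.
$keywords = $_GET['keywords'] ?? '';

// VULNERABLE pattern: the request value becomes part of the query text, so a
// quote character in ?keywords= ends the string literal and changes the query.
function searchUnsafe(PDO $pdo, string $keywords): array
{
    $sql = "SELECT id, title FROM products WHERE title LIKE '%$keywords%'";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// FIXED: a prepared statement sends the query text and the value separately,
// so the value can only ever be matched as data. LIKE metacharacters are also
// escaped (MySQL's default escape character is '\') so they match literally.
function searchSafe(PDO $pdo, string $keywords): array
{
    $pattern = '%' . addcslashes($keywords, '%_\\') . '%';
    $stmt = $pdo->prepare('SELECT id, title FROM products WHERE title LIKE ?');
    $stmt->execute([$pattern]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

foreach (searchSafe($pdo, $keywords) as $row) {
    echo htmlspecialchars($row['title'], ENT_QUOTES, 'UTF-8'), "<br>\n";
}
```

The same applies to every other request parameter the script passes to MySQL, not only "keywords".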

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod