Edgephp ClickBank Affiliate Marketplace Script - Multiple Vulnerabilities

EDB-ID:

14322




Platform:

PHP

Date:

2010-07-10


Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Edgephp Clickbank Affiliate Marketplace Script Multiple
Vulnerability
Vendor url:http://www.edgephp.com
Version:1
Published: 2010-07-11
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j.
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

Let your users search all listings or just show products from your niche. No
matter what interest brings visitors to your site, there's a good chance
those visits can be monetized with Clickbank.
CBQuick has just been improved again, is completely Clickbank TOS compliant,
and now includes the following:

Click Tracking
One Click Updates
No Duplicate Listings
Product Stats

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL:

http://server/index.php?search=[sqli]

*XSS Vulnerability

DEMO URL:

http://server/index.php?search=[xss]

*HTML Vulnerability

DEMO URL:

http://server/index.php?search=[html]

*URL Redirection

# 0day n0 m0re #
# L0rd CrusAd3r #

-- 
With R3gards,
L0rd CrusAd3r