Vulnerabilities in Affiliate Network Pro v7.2

Software: Affiliate Network Pro v7.2
Severity: SQL Injection(s), Arbitrary code execution, XSS
Risk: High
Author: Robin Verton
Date: Nov. 15 2005
Vendor: www.alstrasoft.com

Details

1. SQL Injection in /admin/admin_validate_login.php
- Description: Due to lack of input validation, SQL injection is possible. By submitting the username "admin" and the password "' OR '1'='1" at the index.php login form, an attacker can log in as an administrator.

2. Arbitrary Code Execution in /admin/admin_options_manage.php
- Description: The input of is not validated, allowing attackers to write any code into the file. For example, inserting can cause the file to display PHP information each time it is accessed.

3. XSS Vulnerability in /admin/index.php
- Description: The variable is not validated against XSS, enabling the insertion of HTML code like .

4. XSS Vulnerabilities in /index.php?Act=register
- Description: Fields in the register form such as , , and are also vulnerable to XSS attacks. For example: .

5. SQL Injection in /login_validate.php
- Description: Similar to the admin login form, user input is not validated, allowing SQL injection and malicious code insertion.

6. Path Disclosure in /togateway.php
- Description: Insufficient checks allow direct file access, potentially revealing the path of the affiliate application. Almost every file that should not be directly accessed can be accessed through direct browsing.

Additional Information

There are several more SQL injections in the software. The best way to secure the software is to set to ON in php.ini or to globally escape user-submitted variables.

Credits to Robin Verton.

References

1. http://www.alstrasoft.com/affiliate.htm
2. http://myblog.it-security23.net
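To show why the "' OR '1'='1" password described in items 1 and 5 bypasses the login check, and why bound parameters close the hole, here is an added illustration written for this page; it is not code from Affiliate Network Pro, and the in-memory admins table, its columns and the stored credential are constructed assumptions.

```python
import sqlite3


def make_db():
    """Constructed fixture standing in for the application's admin table.
    Schema and the plaintext credential are assumptions for illustration only
    (a real application would store a password hash, not the password)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (username TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'correct-horse')")
    return db


def vulnerable_login(db, username, password):
    """The pattern the advisory describes: user input is pasted straight into
    the SQL text, so a quote in the password ends the string literal and the
    remainder (OR '1'='1) becomes part of the WHERE clause."""
    sql = (
        "SELECT COUNT(*) FROM admins WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    return db.execute(sql).fetchone()[0] > 0


def safe_login(db, username, password):
    """Hardened form: bound parameters keep the whole password as data, so the
    injected quote can never alter the query structure."""
    sql = "SELECT COUNT(*) FROM admins WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("vulnerable:", vulnerable_login(db, "admin", payload))  # True
    print("parameterised:", safe_login(db, "admin", payload))     # False
```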