inet411 Posted January 17, 2008 Share Posted January 17, 2008 I've created a few different applications in the last 3 days. An expired domain name checker - It's searches through a database of around 70000 expired domains daily, checks each one for pagerank, if it has pagerank it then validates it to make sure the pagerank is real. The end result is a searchable list of around 3000+ recently expired domain names. A clickbank rss feed generator - It grabs clickbanks xml file parses it into a readable rss format. You can enter your clickbank id, search term and number of results and you'll have an instant rss feed. Clickbank contextual ads - First, you can create an ad much like Google Adsense but with a large variety of formats available to create. You'll receive a javascript snippet once you create the ad. You can paste that on your site and a spider will crawl that page and deliver relevant clickbank ads according to your content. This uses some of the clickbank rss technology above. Here is a url to the homepage. The three applications described above are each listed on the homepage. http://www.inet411.com I'm wondering if I should continue developing these. Feedback I am looking for is: Is xx application useful? Would you use xx application? How could I profit from these? Thanks in advance for your time. Link to comment Share on other sites More sharing options...
agentsteal Posted January 17, 2008 Share Posted January 17, 2008 Array: http://www.inet411.com/tools/validate-pagerank/index.html?site[] Array: http://www.inet411.com/ads/ads.ads?id=1&site[] Cross Site Scripting: http://www.inet411.com/<marquee><h1>vulnerable Cross Site Scripting: http://www.inet411.com/tools/validate-pagerank/index.html?site=<marquee><h1>vulnerable Cross Site Scripting: http://www.inet411.com/3rdparty/php_file_tree/demo_classic.php/<marquee><h1>vulnerable</marquee> Cross Site Scripting: http://www.inet411.com/ads/ads.ads?id=1&site=<marquee><h1>vulnerable</marquee> Cross Site Scripting: There is Cross Site Scripting on http://www.inet411.com/ads/create_ad.html if the fields contain ">code. Cross Site Scripting: http://www.inet411.com/tools/expired-domains-with-pagerank/index.html?page=<marquee><h1>vulnerable Full Path Disclosure: http://www.inet411.com/rss-feeds/clickbank/clickbank.feed <b>Warning</b>: mysql_num_rows(): supplied argument is not a valid MySQL result resource in <b>/home/inet...</b> Full Path Disclosure: There is Full Path Disclosure on http://www.inet411.com/tools/validate-pagerank/index.html if the URL is invalid. Warning: file_get_contents(http://209.85.135.102/search?client=navclient-auto&ch=6193782244&features=Rank&q=info:') [function.file-get-contents]: failed to open stream: HTTP request failed! HTTP/1.0 403 Forbidden in /home/inet411/public_html/tools/validate-pagerank/index.html on line 165 Full Path Disclosure: http://www.inet411.com/rss-feeds/clickbank/clickbank.feed?q=a Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/inet411/public_html/rss-feeds/clickbank/clickbank.feed on line 51 Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/inet411/public_html/rss-feeds/clickbank/clickbank.feed on line 57 Full Path Disclosure: http://www.inet411.com/3rdparty/php_file_tree/demo_classic.php Full Path Disclosure: http://www.inet411.com/tools/validate-pagerank/index.html?site=' Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/inet411/public_html/functions/inc.php on line 78 Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/inet411/public_html/functions/inc.php on line 89 Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/inet411/public_html/functions/inc.php on line 172 Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/inet411/public_html/functions/inc.php on line 173 Warning: mysql_result(): supplied argument is not a valid MySQL result resource in /home/inet411/public_html/functions/inc.php on line 174 Full Path Disclosure: http://www.inet411.com/tools/expired-domains-with-pagerank/index.html?page[] Fatal error: Unsupported operand types in /home/inet411/public_html/tools/expired-domains-with-pagerank/index.html on line 50 Full Path Disclosure: http://www.inet411.com/tools/expired-domains-with-pagerank/index.html?page=a Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/inet411/public_html/tools/expired-domains-with-pagerank/index.html on line 60 User Enumeration: http://www.inet411.com/~inet411 Link to comment Share on other sites More sharing options...
inet411 Posted January 17, 2008 Author Share Posted January 17, 2008 Wow that was a rough one. Okay, ready for round two. all full path disclosures corrected. error reporting now logged (thanks) arrays - corrected cross site scripting easily corrected by using strip_tags and htmlspecialchars and a couple other custom made backups just in case. As far as the last one - user enumeration, that is incorrect. While the acunetix bot you used may see that it can access inet411.com~inet411 it really is a redirect page as you can see if you go there. Something acunetix needs to correct on their end. Anyway now back to my original post: I've created a few different applications in the last 3 days. 1. An expired domain name checker - It's searches through a database of around 70000 expired domains daily, checks each one for pagerank, if it has pagerank it then validates it to make sure the pagerank is real. The end result is a searchable list of around 3000+ recently expired domain names. 2. A clickbank rss feed generator - It grabs clickbanks xml file parses it into a readable rss format. You can enter your clickbank id, search term and number of results and you'll have an instant rss feed. 3. Clickbank contextual ads - First, you can create an ad much like Google Adsense but with a large variety of formats available to create. You'll receive a javascript snippet once you create the ad. You can paste that on your site and a spider will crawl that page and deliver relevant clickbank ads according to your content. This uses some of the clickbank rss technology above. Here is a url to the homepage. The three applications described above are each listed on the homepage. http://www.inet411.com I'm wondering if I should continue developing these. Feedback I am looking for is: Is xx application useful? Would you use xx application? How could I profit from these? Thanks in advance for your time. Link to comment Share on other sites More sharing options...
inet411 Posted January 17, 2008 Author Share Posted January 17, 2008 ok, apparently I can't edit my posts. I reposted in the critique area - http://www.phpfreaks.com/forums/index.php/topic,177699.0.html. Sorry didn't realize this was for security checks. But please re-check and verify. Thanks Link to comment Share on other sites More sharing options...
Recommended Posts