dansbanners wrote on 20th Jun, 2016 at 6:09pm:
SS,
Would you be willing to join under me in a different program to make up for it?
If you want, you could still also try to join under Venkat in Planet Traffic?
If they confirm it works I will join under you in Planet-Traffic..
Since they can find this thread through their support system, I should bring this to their attention for security purposes..
Taking it one step further, in testing how the PT referring system works, take a look at this..:
When the link is:
http://www.planet-traffic.com/?5006
The string of characters passed after the question mark (?) gets parsed and then saved to a variable called id that is hidden in the registration form and will act as an input for the referrer field in the database.
So, after testing a few patterns to see how the unwanted characters are dropped out, there is a pattern that escapes the check, which for example can be the following..:
http://www.planet-traffic.com/?(5006)OR(1)OR(2)OR(3)...
In this case I could enter an unlimited number of IDs and it seems to be passing the checks before being saved as the id variable value.
So, if one opens the following link and proceeds to the registration page, the id variable will show up like this:
As you can see, the whole pattern has been saved as the referrer's id, and if one proceeds to register, the system will probably add that line to a database query that normally looks for the id of the referrer and assigns it to the referral or the opposite (assigns the referral to the referrer).
My point is that if this isn't prevented by further security checks, the referral will end up joining in up to everyone's downline, blowing up the system..
I haven't tried it because I don't want to mess anything up, I'm just bringing it up for the admin to notice and check it as a potential danger of the site.
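
The server-side check the post asks the admin for, as an added example that is not part of the original post and not the site's own code: the referrer id is accepted only if the whole value after the question mark is a plain decimal integer (rejected otherwise, never stripped), and it reaches the database only as a bound parameter. The `members` table, its columns and the function names are assumptions made for the illustration.

```python
import re
import sqlite3
from urllib.parse import urlsplit

# Allow-list: ASCII decimal digits only, bounded length (hypothetical limit).
REF_ID = re.compile(r"[0-9]{1,10}")


def referrer_id_from_url(url):
    """Return the referrer id carried after '?', or None if it is not a plain integer."""
    query = urlsplit(url).query
    # fullmatch rejects the value outright instead of dropping characters from it
    return int(query) if REF_ID.fullmatch(query) else None


def register(db, username, url):
    """Create a member; attach a referrer only if the id is valid and exists."""
    ref = referrer_id_from_url(url)
    if ref is not None:
        # Bound parameter: the value is data, never part of the SQL text
        row = db.execute("SELECT id FROM members WHERE id = ?", (ref,)).fetchone()
        ref = row[0] if row else None
    db.execute(
        "INSERT INTO members (username, referrer_id) VALUES (?, ?)", (username, ref)
    )
    return ref


def demo():
    # Constructed in-memory schema and sample row (assumed, not the site's schema)
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE members (id INTEGER PRIMARY KEY, username TEXT, referrer_id INTEGER)"
    )
    db.execute("INSERT INTO members (id, username) VALUES (5006, 'sponsor')")
    good = register(db, "alice", "http://www.planet-traffic.com/?5006")
    bad = register(db, "bob", "http://www.planet-traffic.com/?(5006)OR(1)OR(2)OR(3)")
    return good, bad


if __name__ == "__main__":
    print(demo())
```

The same validation has to run again when the registration form is submitted, since the hidden id field is client-controlled.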