# Exploit Title: Clic Page XSS and SQL Injection Vulnerability # Date: 11.03.2012 # Author: OruçReis # Vendor or Software Link: http://www.clicpremium.com/ # Version: 4.0 # Category:: webapps # Google dork: inurl:"clic-page.php?id=1" # Tested on: Linux Mint Apache Localhost - Windows XAMPP Localhost # Demo site; - http://www.banexiventures.com/clic-page.php?id=1 - http://www.autocleanservice.fr/clic-page.php?id=1 - http://www.ccjovinien.fr/clic-page.php?id=1 XSS and SQL Injection Vulnerability SQL Injection Method : Blind SQL OruçReis