Yahoo! recently finalized their consolidation of all their individual affiliate programs at Commission Junction to a single one. The Yahoo! Search Marketing affiliate program was one of them. Although the old YSM program was closed at CJ, old affiliate links and banners are still working, but without tracking commission (free traffic for Yahoo!, way to go). This flaw itself has nothing to do with Yahoo!, but is a questionable and known “feature” of Commission Junction.


I don’t want to rant (again) about this, but it exposed a flaw in the code of the YSM landing page, which is not only embarrassing but probably also causes the folks at the Yahoo! customer service department to start believing in the existence of parallel universes.


I can only imagine what must go through the head of a CS rep due to claims made by new YSM advertisers that swear by the life of their mother that Yahoo! promised but never provided them with the advertised amount of free clicks. Not advertised on another website or old magazine, but on the YSM sign-up page itself.




The problem is a flaw in the landing page code of the script located at searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php.


Affiliate links redirect to that script with a number of URL parameters, such as the affiliate ID, a number of other parameters and two parameters which we will examine in more detail now.


The “o” parameter is used to pass on the Coupon Code that grants the discount to the customer to the sign-up script. The old Coupon Code that was good for $50 in credits was USCJ17 for example (o=USCJ17). It was replaced with the new coupon code USCJ16, which is good for only $25 in credits for clicks (o=USCJ16).


The other parameter is “b”, which contains the discount amount. b=50 would be a $50.00 discount for example.


The value for “o” is not validated by the script whatsoever and “b” can be any amount Yahoo! seems to offer as a discount. It shows $0 on the page if the amount does not seem to be right. 100 (= $100 discount) does not work for example, but 75 ($75) seems to be a valid promotion amount, because it is accepted as a value.


Check out this fake URL and see for yourself what Yahoo!’s own website is telling the visitor:


http://searchmarketing.yahoo.com/arp/sponsoredsearch_v2.php?o=GO-GOOGLE-ADWORDS&b=75


Note: The URL is fake, no discount will be granted!


Here is a screen shot, because I don’t expect the link to work the way it does work today for much longer.


Fake GO-GOOGLE-ADWORDS Coupon Code for YSM


Advice to Yahoo!: Tell one of your developers to add a check for the coupon code (URL parameter “o”) and return an error if it is an invalid or expired coupon (yes, show two different messages to avoid customer service issues and confusion).


While you verify the validity of the coupon code, also pull the actual discount amount that the customer gets with the coupon from the database and ignore the “b” parameter altogether.
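
The check described in the advice above, sketched as an added example (not part of the original post and not Yahoo!'s code; written in Python rather than the script's PHP). The coupon table, its expiry date, the code-format pattern and the function name `resolve_offer` are assumptions made for illustration.

```python
import re
from datetime import date
from urllib.parse import parse_qs

# Constructed stand-in for the server-side coupon table. The codes and amounts
# are the ones named in the post; the expiry date is invented for the demo.
COUPONS = {
    "USCJ17": {"credit_usd": 50, "expires": date(2007, 1, 1)},
    "USCJ16": {"credit_usd": 25, "expires": None},  # None = still running
}

CODE_FORMAT = re.compile(r"[A-Z0-9]{1,16}")  # assumed shape of a coupon code


def resolve_offer(query_string, today):
    """Return (status, credit_usd, message) for a landing-page query string.

    Only "o" is read. "b" is never consulted: the amount shown comes from the
    coupon record, so a visitor-supplied amount cannot end up on the page.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    codes = params.get("o", [])
    # Reject missing, repeated or malformed codes before touching the table.
    # The error text is fixed and never echoes the submitted value.
    if len(codes) != 1 or not CODE_FORMAT.fullmatch(codes[0]):
        return ("invalid", 0, "This coupon code is not valid.")
    coupon = COUPONS.get(codes[0])
    if coupon is None:
        return ("invalid", 0, "This coupon code is not valid.")
    # Separate message for expired coupons, as the advice above suggests.
    if coupon["expires"] is not None and today >= coupon["expires"]:
        return ("expired", 0, "This coupon has expired.")
    return ("valid", coupon["credit_usd"],
            f"Coupon {codes[0]}: ${coupon['credit_usd']} in free clicks.")


if __name__ == "__main__":
    demo_day = date(2007, 6, 1)  # constructed date for the demo
    for qs in ("o=GO-GOOGLE-ADWORDS&b=75", "o=USCJ17&b=50", "o=USCJ16&b=75"):
        print(qs, "->", resolve_offer(qs, demo_day))
```
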


I sent the affiliate management team of the Yahoo! affiliate program an email about this flaw and the issue with old, but seemingly working YSM promo banners and links already. I also told the AM about my blog post here at SEJ. Blogs tend to expedite response times by internet companies from time to time. :)


Carsten Cumbrowski

Cumbrowski.com, Internet Marketing Resources Portal. Pay-Per-Click Search Engine Offers and free click credits, SEM Resources and more.

1 comment:

Anonymous said...

Well, if you have ever considered writing some script to automate those things that you are doing many times daily, then you have a great and easy way to automate the entire process. It goes without saying that a few iMacros and Firefox add-ons can automate all actions connected to a browser (Mozilla). If you want to automate your system as such, then you'll need another script; easy commands can automate your system. Even a beginner can automate things using a simple piece of software called Sikuli. All you need to do is to inform Sikuli what to do by giving some screenshots and easy commands.
A GUI will be used with Sikuli. Sikuli is an open source scripting application that will use a mixture of straightforward commands like click, type, wait and so on. There's no internal API support, it just searches the screen for the image within the screenshot, which implies that you can use it for anything. There's literally no limit on how you use it to automate things.
This is too good to be true, however if you watch the subsequent video, you'll come to know that this is often extremely easy. If you visit their home page, you get a lot of tutorials and support; it can be a cake walk even for beginners. You'll check the video as well as get the software at TechnoAges.com (http://technoages.com/operating-system/apple-mac-os/automate-everything-through-a-simple-script-make-your-computer-listen-to-you/)