Vulners
Lucene search
Zeeways Adserver Cross Site Request Forgery / SQL Injection
🗓️ 08 Nov 2010 00:00:00Reported by Valentin HoebelType 
packetstorm🔗 packetstormsecurity.com👁 20 Views
`# Exploit Title: Zeeways Adserver Multiple Vulnerabilities
# Date: 06.11.2010
# Author: Valentin
# Category: webapps/0day
# Version:
# Tested on:
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = Zeeways Adserver Multiple Vulnerabilities
Author = Valentin Hoebel
Contact = [email protected]
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = Zeeways Adserver
Vendor = Zeeways
Vendor Website = http://www.zeescripts.com
Affected Version(s) = all
This product seems not be sold by Zeeways at the moment, but still many websites
are using this product for managing their ads.
There is a Wordpress plugin existing for implementing Adserver ads into the own
blog. The link from this Wordpress module directly points to a script from the
Adserver which is affected by a SQL injection vulnerability.
[:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::]
>> SQL Injection
Multiple scripts with multiple parameters are affected from this vulnerability.
Example #1:
index.php?section=redir&affid=0&kid=0&zid=[SQL Injection]
Example #2:
Visit the "register" page index.php?section=user&action=register and enter your
SQLi string into the email field. Fill out the other fields with some
normal stuff (like test) and view your result.
>> Cross-Site Request Forgery
Visit the "register" page index.php?section=user&action=register and enter your
CSRF string into the email field. Fill out the other fields with some
normal stuff (like test) and view your result.
>> Local Installation Path Disclosure
Visit index.php?section=doc&action= and fill out the action parameter.
Example:
index.php?section=doc&action=test
>> Interesting error message
Visit index.php?section=doc&action=test and play around with both the section and
action parameters. You will notice that a local file inclusion is not possible
(especially when you look at the section variable), but still you will be able
to "inject" some stuff in the action parameter.
For example use
index.php?section=doc&action=#
to get no output.
This is not a real code injection vulnerability, but still some special control
characters affect the output of the website. Maybe you are able to trigger some
interesting stuff.
[:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::]
>> Additional Information
Advisory/Exploit Published = 06.11.2010
[:::::::::::::::::::::::::::::::::::::: 0x5 ::::::::::::::::::::::::::::::::::::::]
>> Misc
Greetz = cr4wl3r, JosS, packetstormsecurity.org, exploit-db.com
[:::::::::::::::::::::::::::::::::::::: EOF ::::::::::::::::::::::::::::::::::::::]
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
08 Nov 2010 00:00Current
0.3Low risk
Vulners AI Score0.3