0day.today - Biggest Exploit Database in the World.
Things you should know about 0day.today:
Administration of this site uses the official contacts. Beware of impostors!
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!
Please, beware of scammers!
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Zeeways Adserver Multiple Vulnerabilities
========================================= Zeeways Adserver Multiple Vulnerabilities ========================================= # Date: 06.11.2010 # Author: Valentin # Category: webapps/0day # Version: # Tested on: # CVE : # Code : [:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::] >> General Information Advisory/Exploit Title = Zeeways Adserver Multiple Vulnerabilities Author = Valentin Hoebel Contact = valentin@xenuser.org [:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::] >> Product information Name = Zeeways Adserver Vendor = Zeeways Vendor Website = http://www.zeescripts.com Affected Version(s) = all This product seems not be sold by Zeeways at the moment, but still many websites are using this product for managing their ads. There is a Wordpress plugin existing for implementing Adserver ads into the own blog. The link from this Wordpress module directly points to a script from the Adserver which is affected by a SQL injection vulnerability. [:::::::::::::::::::::::::::::::::::::: 0x3 ::::::::::::::::::::::::::::::::::::::] >> SQL Injection Multiple scripts with multiple parameters are affected from this vulnerability. Example #1: index.php?section=redir&affid=0&kid=0&zid=[SQL Injection] Example #2: Visit the "register" page index.php?section=user&action=register and enter your SQLi string into the email field. Fill out the other fields with some normal stuff (like test) and view your result. >> Cross-Site Request Forgery Visit the "register" page index.php?section=user&action=register and enter your CSRF string into the email field. Fill out the other fields with some normal stuff (like test) and view your result. >> Local Installation Path Disclosure Visit index.php?section=doc&action= and fill out the action parameter. Example: index.php?section=doc&action=test >> Interesting error message Visit index.php?section=doc&action=test and play around with both the section and action parameters. You will notice that a local file inclusion is not possible (especially when you look at the section variable), but still you will be able to "inject" some stuff in the action parameter. For example use index.php?section=doc&action=# to get no output. This is not a real code injection vulnerability, but still some special control characters affect the output of the website. Maybe you are able to trigger some interesting stuff. [:::::::::::::::::::::::::::::::::::::: 0x4 ::::::::::::::::::::::::::::::::::::::] >> Additional Information Advisory/Exploit Published = 06.11.2010 # 0day.today [2024-12-24] #