Zeeways Adserver Multiple Vulnerabilities

Please view the original file here.

Multiple vulnerabilities within the Zeeways Adserver were found.

>> SQL Injection
Multiple scripts with multiple parameters are affected from this vulnerability.

Example #1:
index.php?section=redir&affid=0&kid=0&zid=[SQL Injection]

Example #2:
Visit the "register" page index.php?section=user&action=register and enter your
SQLi string into the email field. Fill out the other fields with some
normal stuff (like test) and view your result.

>> Cross-Site Request Forgery
Visit the "register" page index.php?section=user&action=register and enter your
CSRF string into the email field. Fill out the other fields with some
normal stuff (like test) and view your result.

>> Local Installation Path Disclosure
Visit index.php?section=doc&action= and fill out the action parameter.

Example:
index.php?section=doc&action=test

>> Interesting error message
Visit index.php?section=doc&action=test and play around with both the section and
action parameters. You will notice that a local file inclusion is not possible
(especially when you look at the section variable), but still you will be able
to "inject" some stuff in the action parameter.
For example use
index.php?section=doc&action=#
to get no output.

This is not a real code injection vulnerability, but still some special control
characters affect the output of the website. Maybe you are able to trigger some
interesting stuff.