OpenX Exploit

If you’re running the OpenX ad server and you’re not running the latest version, I’d recommend upgrading ASAP. There is a pretty bad exploit available and it’s already hitting some big sites.

The exploit works through the Open Flash Chart 2 module. There is no check in place to make sure a user should be allowed to upload files into that directory. If you can’t upgrade at this time and you don’t use the module, delete admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php. Most people don’t use the module, and even if you do, I’d delete it anyway until you can upgrade.

There are a variety of ways to exploit this, but one thing you can check is your admin/plugins/videoReport/lib/tmp-upload-images directory. If you see any sort of .php script in there, that’s a bad sign.
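The two checks described above, as an added example that is not part of the original post: a shell triage that reports whether the upload script is still present and lists files in the upload directory that look like PHP. It goes slightly beyond the post by also flagging PHP-style extensions other than .php and files of any extension that contain a PHP open tag; the function names and the OpenX root argument are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post). Paths are the ones the post
# names, relative to the OpenX web root; function names are hypothetical.
UPLOAD_SCRIPT="admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php"
UPLOAD_DIR="admin/plugins/videoReport/lib/tmp-upload-images"

# Print "present" if the upload script still exists, else "absent".
upload_script_status() {
    if [ -e "$1/$UPLOAD_SCRIPT" ]; then echo present; else echo absent; fi
}

# List files in the upload directory that look like PHP, by name or content.
suspicious_uploads() {
    dir="$1/$UPLOAD_DIR"
    [ -d "$dir" ] || return 0
    find "$dir" -type f | sort | while IFS= read -r f; do
        name=$(basename "$f" | tr 'A-Z' 'a-z')
        case "$name" in
            *.php|*.php[0-9]|*.phtml|*.phar|*.php.*) echo "$f"; continue ;;
        esac
        # -a treats binary files (e.g. images) as text so embedded PHP is seen
        if grep -aqiE '<\?(php|=)' "$f"; then echo "$f"; fi
    done
}

# Report both indicators. Returns 0 if clean, 1 if only the upload script
# remains, 2 if PHP was found in the upload directory.
triage() {
    result=0
    if [ "$(upload_script_status "$1")" = present ]; then
        echo "WARN: $UPLOAD_SCRIPT is still present; delete it or upgrade"
        result=1
    fi
    hits=$(suspicious_uploads "$1")
    if [ -n "$hits" ]; then
        echo "ALERT: PHP found in $UPLOAD_DIR (a bad sign):"
        printf '%s\n' "$hits" | sed 's/^/  /'
        result=2
    fi
    if [ "$result" -eq 0 ]; then echo "OK: no indicators under $1"; fi
    return "$result"
}

# Usage: sh openx_triage.sh /path/to/openx
if [ $# -gt 0 ]; then triage "$1"; exit $?; fi
```

A clean result only means these two indicators are absent now; it says nothing about files an intruder placed elsewhere or removed afterwards.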

We’ve already patched 3 client servers that have had a php shell script uploaded into that directory.

An update on this: just updating your version isn’t going to fix your problem if you’ve already been exploited. You’ll want to check the append/prepend for all of your banners and zones, since more than likely the attackers have been noodling around in there to cause problems. You can look at your audit log to see if that’s happened.


One Response to “OpenX Exploit”

  1. tegex21 says:

    yeah !!
    thanks a lot ..
