Zero-day vulnerability in OpenX found

A security researcher has announced the discovery of zero-day vulnerability that affect affects the latest version of OpenX – 2.8.11, one of the most popular ad server platforms in use today.

According to Florian Sander the vulnerability, which is already being actively exploited, is effectively a code-injection vulnerability that would allow a subset of registered users to carry out code injection attacks. The vulnerability is to some code present in lib/OX/Extension/deliveryLimitations/DeliveryLimitations.php file and if a particular change is applied the vulnerability can easily be removed.

Sander is advising users of OpenX to apply the following change to line 311 of the file to resolve the issue. $result = 'MAX_check' . ucfirst($this->group) . '_' . $this->component . "('".addslashes($data)."', '".addslashes($this->comparison)."')";

“The vulnerability is used in conjunction with other vulnerabilities to gain system access through highjacked accounts”, Sander notes in a blog post.

“Revive Adserver (a fork of OpenX source) is vulnerable as well. I have submitted a pull request.” Sander added.

Sander hasn’t released a proof-of-concept openly in a bid to keep the bad guys away but has provided details about the vulnerability to maintainers of the master repository. The researcher also notes that Revive Adserver is also vulnerable.