Numerous security holes in OpenX ad server
Security firm Secunia has reported a total of 22 as yet unpatched vulnerabilities in the free OpenX ad server. The problems include cross-site scripting (XSS) holes, cross-site request forgery (CSRF) and SQL injection holes, as well as a file inclusion hole. The latter is a local file inclusion: it can only be used to pull in files that are already stored on the server, not remote ones, which reduces the risk of a successful attack. However, it can apparently also be exploited for directory traversal, letting an attacker read files outside the intended directory and so spy on a system's files. A suitable exploit has already appeared on Milw0rm independently of Secunia's report.
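To show why a "local only" inclusion hole still matters once directory traversal comes into play, here is an added example that is not OpenX's code and does not reflect how its template loader actually works. It models a hypothetical loader in Python: the naive version checks the requested path with a string prefix test, which `../` walks straight past, while the hardened version resolves the path and confirms it stays inside the allowed directory. The directory layout and file names are constructed for the example.

```python
"""Local file inclusion turning into directory traversal, and the fix.

Added example, not code from OpenX. `include_vulnerable` and
`include_hardened` are hypothetical loaders; the sandbox layout below is
constructed so the example runs offline.
"""
import os
import tempfile


def build_sandbox() -> str:
    """Create a constructed layout: <root>/app/templates/banner.html (allowed)
    and <root>/config.php (a secret two levels up, outside the template dir).
    Returns the templates directory."""
    root = tempfile.mkdtemp()
    templates = os.path.join(root, "app", "templates")
    os.makedirs(templates)
    with open(os.path.join(templates, "banner.html"), "w") as f:
        f.write("<div>banner</div>")
    with open(os.path.join(root, "config.php"), "w") as f:
        f.write("db_password=hunter2")
    return templates


def include_vulnerable(templates_dir: str, name: str) -> str:
    """Naive loader: concatenates the user-controlled name onto the template
    directory and only checks the string prefix. "../../config.php" keeps the
    prefix intact, so the check passes and the read escapes the directory."""
    path = templates_dir + "/" + name
    if not path.startswith(templates_dir):
        raise PermissionError(name)
    with open(path) as f:
        return f.read()


def include_hardened(templates_dir: str, name: str) -> str:
    """Hardened loader: resolve both the base directory and the final path
    (collapsing "..", symlinks and absolute-path overrides), then require
    that the resolved path is inside the base directory."""
    base = os.path.realpath(templates_dir)
    path = os.path.realpath(os.path.join(base, name))
    # commonpath is used instead of startswith so "/srv/templates2"
    # is not mistaken for a child of "/srv/templates".
    if os.path.commonpath([base, path]) != base:
        raise PermissionError(name)
    with open(path) as f:
        return f.read()


def traversal_blocked(templates_dir: str, name: str) -> bool:
    """Return True if the hardened loader refuses the name."""
    try:
        include_hardened(templates_dir, name)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    tdir = build_sandbox()
    print("vulnerable, legit :", include_vulnerable(tdir, "banner.html"))
    print("vulnerable, escape:", include_vulnerable(tdir, "../../config.php"))
    print("hardened, legit   :", include_hardened(tdir, "banner.html"))
    print("hardened, escape  :", traversal_blocked(tdir, "../../config.php"))
```

The point of the second loader is that the check happens on the resolved path, not on the text the client sent; the same rule applies whatever the language, and in PHP the equivalent is `realpath()` on both sides before comparing.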
The flaws were found in the current version 2.6.3 of OpenX, but earlier versions are also likely to be affected. While Secunia reports that the vendor has been notified, no update has so far become available. Secunia doesn't offer any practical suggestions for a workaround – apart from using a different product. Large sites like Metacafe and ReadWriteWeb, which run OpenX, will probably have difficulty following that advice.
See also:
- OpenX Multiple Vulnerabilities, report by Secunia
(djwm)