Multiple vulnerabilities (PHP file inclusion and cross-site scripting) in OpenX version 2.8.10 have been discovered by High-Tech Bridge Security Research Lab about 2 months ago and disclosed this week.
Local File Inclusion in OpenX:
Input passed via "group" HTTP GET parameter to "/www/admin/plugin-preferences.php" and "/www/admin/plugin-settings.php" scripts is not properly verified before being used in PHP 'include()' function and can be exploited to include arbitrary local files via directory traversal sequences and URL-encoded NULL byte techniques.Cross-Site Scripting (XSS) in OpenX:
The vulnerabilities exists due to insufficient filtration of user-supplied data in "package" HTTP GET parameter passed to "/www/admin/plugin-index.php" and "group" HTTP GET parameter passed to "/www/admin/plugin-settings.php" scripts.
To fix this issues replace files from SVN repository as mentioned in High-Tech Bridge security advisory HTB23155: Multiple Vulnerabilities in OpenX, also diff-dile is available. Proof-of-Concept (PoC) examples also available on researcher's page.
No comments:
Post a Comment