The OpenX team has confirmed the breach and OpenX senior application security engineer Nick Soracco said that two files in the binary distribution of 2.8.10 had been replaced with modified files that contained a remote code execution vulnerability.
vastServeVideoPlayer) in the OpenX distribution.
This vulnerability applies only to the free downloadable open source product, OpenX Source. None of OpenX's main suite of commercial products, including OpenX Enterprise (ad serving), OpenX Market (exchange) and OpenX Lift (SSP), is affected.
Server administrators can find out if they are running the OpenX version that contains the backdoor by searching for PHP tags inside .js files. Researchers from Sucuri provide a simple command for this:
$ grep -r --include "*.js" '<?php' DIRECTORYWHEREYOURSITEIS

This is not the first time OpenX.org has been hacked: last year, in March 2012, it was compromised and served malware to users.
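The same check as a reusable script, added here as an example and not taken from the article or from OpenX or Sucuri. It scans a web root for PHP open tags inside .js files, reports file and line, and counts hits; unlike the one-liner above it also matches the `<?=` short echo tag. The sample directory tree and its file names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the article): locate PHP code planted in .js files,
# the indicator that identifies the backdoored OpenX Source 2.8.10 download.

# Print "file:line:content" for every PHP open tag found in a .js file under $1.
# grep exits 0 when something matched, 1 when the tree is clean.
scan_js_for_php() {
    grep -rn --include '*.js' -e '<?php' -e '<?=' "$1"
}

# Number of distinct .js files under $1 that contain a PHP open tag (0 when clean).
count_infected_js() {
    grep -rl --include '*.js' -e '<?php' -e '<?=' "$1" | wc -l | tr -d ' '
}

# Build a constructed sample web root: one clean .js file, one .js file with an
# injected PHP block, and a legitimate .php file that must not be flagged.
make_sample_tree() {
    dir=$(mktemp -d)
    mkdir -p "$dir/www/js"
    printf 'function play() { return 1; }\n' > "$dir/www/js/clean.js"
    printf 'function play() { return 1; }\n<?php /* constructed marker */ ?>\n' \
        > "$dir/www/js/injected.js"
    printf '<?php echo "normal template"; ?>\n' > "$dir/www/index.php"
    printf '%s\n' "$dir"
}

# Stand-alone run: scan the constructed tree and print the hits.
if [ "${1:-}" = "--demo" ]; then
    root=$(make_sample_tree)
    echo "infected .js files: $(count_infected_js "$root")"
    scan_js_for_php "$root"
    rm -rf "$root"
fi
```

Run it against a real installation with `scan_js_for_php /path/to/openx`; a non-empty result means the .js file needs to be compared against a clean 2.8.11 copy.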
OpenX has now released OpenX Source v2.8.11, which according to Soracco is a mandatory upgrade for all users of 2.8.10 that should be applied immediately.