
OpenX Advertising Network hacked and backdoor Injected

OpenX, a leading provider of digital and mobile advertising technology, has served downloads containing a backdoor that was injected into the code and allows hackers to take control of your web server.

German tech site Heise notified Germany's computer emergency response team (CERT) this week about the OpenX Ad Server (2.8.10) backdoor, which allows an attacker to execute any PHP code via the "eval" function and could have given attackers full access to affected web sites.
The OpenX team has confirmed the breach and OpenX senior application security engineer Nick Soracco said that two files in the binary distribution of 2.8.10 had been replaced with modified files that contained a remote code execution vulnerability.
The attack code is written in PHP but is hidden in a JavaScript file that is part of a video player plugin (vastServeVideoPlayer) in the OpenX distribution.


This vulnerability only applies to the free downloadable open source product, OpenX Source. It’s important to note that all of OpenX’s main suite of products, including OpenX Enterprise (ad serving), OpenX Market (exchange) and OpenX Lift (SSP) are not affected.

Server administrators can find out if they are running the OpenX version that contains the backdoor by searching for PHP tags inside .js files. Researchers from Sucuri provide a simple command for this:
$ grep -r --include "*.js" '<?php' DIRECTORYWHEREYOURSITEIS
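
The same check as a script, added here as an example (it is not from Sucuri, OpenX or the original article): it walks a directory, flags every .js file containing a PHP opening tag in any letter case, and records the line, byte offset and whether an eval( call follows the tag. The function names and the sample files are constructed for illustration and do not reproduce the real OpenX payload.

```python
import os
import re
import tempfile

# PHP accepts its opening tag in any letter case, so "<?PHP" must be
# caught as well as the "<?php" that the grep above looks for.
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)
EVAL_CALL = re.compile(rb"\beval\s*\(", re.IGNORECASE)

def scan_js_tree(root):
    """Return one finding per .js file under root that contains a PHP tag."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:  # bytes: minified JS may not be UTF-8
                    data = fh.read()
            except OSError:
                continue  # unreadable file: skip it, keep scanning
            m = PHP_TAG.search(data)
            if m:
                findings.append({
                    "path": os.path.relpath(path, root),
                    "line": data.count(b"\n", 0, m.start()) + 1,
                    "offset": m.start(),
                    # eval( after the tag matches what the article describes
                    "eval_after_tag": bool(EVAL_CALL.search(data, m.end())),
                })
    return sorted(findings, key=lambda f: f["path"])

def make_sample_tree(root):
    """Write constructed sample files (hypothetical names, benign content)."""
    samples = {
        "plugins/player/clean.min.js": b"var a=1;function f(x){return x<2?1:0}\n",
        "plugins/player/tampered.min.js":
            b"var p={};\n/* pad */ <?PHP eval('return 1;'); ?>\nvar q=2;\n",
        "www/notes.txt": b"<?php echo 1; ?>\n",  # not .js, so out of scope
    }
    for rel, body in samples.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(body)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        make_sample_tree(tmp)
        for finding in scan_js_tree(tmp):
            print(finding)
```

A hit is a reason to compare the file against a known-good copy of the release; an empty result only means no PHP tag was found in .js files.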
This is not the first time OpenX.org has been hacked. Last year, in March 2012, it was hacked and served malware to users.

OpenX has now released OpenX Source v2.8.11, which according to Soracco is a mandatory upgrade for all users of 2.8.10 and should be applied immediately.
