Wednesday, April 1, 2009

Multiple vulnerabilities in OpenX 2.6.4 and older

If you are running OpenX, make sure to update to the latest version, which was issued just now. The latest download can be found here.

We posted an advisory detailing some well-hidden SQL injection vulnerabilities as well as XSS, the possibility of arbitrary file deletion, and CRLF injection. Additionally, we made available a video (below) on your favorite video sharing site explaining how we were able to identify the flaws by making use of Acunetix AcuSensor (not much skill involved there), analyze the flaws, and eventually develop some code to exploit one of the blind SQL injection vulnerabilities. This exploit is not publicly available, but interested organizations can contact [email protected] for further details.

[youtube http://www.youtube.com/watch?v=kiNeiMS2Iu0]
