Wednesday
Apr012009
Multiple vulnerabilities in OpenX 2.6.4 and older
Wednesday, April 1, 2009 at 11:06AM
Which means that if you are running OpenX, make sure to update to the latest version which was issued just now. The latest download can be found here.
We posted an advisory detailing some well hidden SQL injection vulnerabilities as well as XSS, the possibility of arbitrary file deletion and CRLF injection. Additionally, we made available a video (below) on your favorite video sharing site explaining how we were able to identify the flaws by making use of Acunetix Acusensor (not much skills involved there), analyze the flaws and eventually develop some code to exploit one of the blind SQL injection vulnerabilities. This exploit is not publicly available but interested organizations can contact info@enablesecurity.com for further details.
[youtube http://www.youtube.com/watch?v=kiNeiMS2Iu0]
We posted an advisory detailing some well hidden SQL injection vulnerabilities as well as XSS, the possibility of arbitrary file deletion and CRLF injection. Additionally, we made available a video (below) on your favorite video sharing site explaining how we were able to identify the flaws by making use of Acunetix Acusensor (not much skills involved there), analyze the flaws and eventually develop some code to exploit one of the blind SQL injection vulnerabilities. This exploit is not publicly available but interested organizations can contact info@enablesecurity.com for further details.
[youtube http://www.youtube.com/watch?v=kiNeiMS2Iu0]
tagged blind sql, openx, sql injection, sqli, web application security in Research, Site news
blind sql, openx, sql injection, sqli, web application security in Research, Site news
Reader Comments