Walter
Well-known member
As I know that the OpenX advertising script (formerly known as phpAds) is pretty popular amongst forum admins here are some bad news: There is a new exploit out there and there is currently no patch available from OpenX. There are first reports of compromises.
The exploit is done via the Open Flash Chart 2 module (you can upload pretty anything via ofc_upload_image.php). The only solution to prevent attacks is to delete admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php if you don't use the module (99% don't use it).
There are many ways to use this exploit but one sign is if you have a file in admin/plugins/videoReport/lib/tmp-upload-images - e.g. a small shell code php script.
The OpenX web site is currently down (probably flooded by admins).
The exploit is done via the Open Flash Chart 2 module (you can upload pretty anything via ofc_upload_image.php). The only solution to prevent attacks is to delete admin/plugins/videoReport/lib/ofc2/ofc_upload_image.php if you don't use the module (99% don't use it).
There are many ways to use this exploit but one sign is if you have a file in admin/plugins/videoReport/lib/tmp-upload-images - e.g. a small shell code php script.
The OpenX web site is currently down (probably flooded by admins).