Release date:
Updated on:
Affected Systems:
OpenX 2.8.10
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 55860
CVE ID: CVE-2012-4990
OpenX is an open-source advertising server written in PHP.
OpenX 2.8.10 and other versions contain security vulnerabilities in the admin/campaign-zone-link.php implementation. These vulnerabilities allow attackers to steal cookie-based authentication credentials, control the application, access or modify data, and exploit other database vulnerabilities.
<* Source: High-Tech Bridge
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
http://www.example.com/www/admin/plugin-index.php?action=info&group=vastInlineBannerTypeHtml&parent=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E [XSS]
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
OpenX
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.openx.org/
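
An added example (not part of the advisory and not OpenX code): a Python check that scans web server access-log lines for requests to admin/plugin-index.php, the script named in the test URL above, whose query values decode to characters that break out of an HTML attribute. The combined log format, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Characters that let a reflected value escape an attribute or open a tag.
BREAKOUT_RE = re.compile(r'["\'<>]')
TARGET_SUFFIX = "/admin/plugin-index.php"  # script from the advisory's test URL
MAX_DECODE_ROUNDS = 3  # also catches double and triple percent-encoding


def fully_decode(value):
    """Percent-decode repeatedly until the value stops changing."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_params(log_line):
    """Return [(param, decoded_value)] for plugin-index.php requests whose
    query values contain attribute-breakout characters."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith(TARGET_SUFFIX):
        return []
    hits = []
    # parse_qsl performs the first decoding pass; fully_decode handles the rest.
    for name, value in parse_qsl(url.query, keep_blank_values=True, separator="&"):
        decoded = fully_decode(value)
        if BREAKOUT_RE.search(decoded):
            hits.append((name, decoded))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [10/Oct/2012:13:55:36 +0000] "GET /www/admin/plugin-index.php?action=info&group=vastInlineBannerTypeHtml&parent=bannerTypeHtml HTTP/1.1" 200 5120',
    '198.51.100.9 - - [10/Oct/2012:13:56:02 +0000] "GET /www/admin/plugin-index.php?action=info&group=vastInlineBannerTypeHtml&parent=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E HTTP/1.1" 200 5301',
    '198.51.100.9 - - [10/Oct/2012:13:56:40 +0000] "GET /www/admin/plugin-index.php?action=info&parent=%2522%253Cb%253E HTTP/1.1" 200 5188',
    '198.51.100.7 - - [10/Oct/2012:13:57:11 +0000] "GET /www/admin/index.php?q=%22x HTTP/1.1" 200 901',
]

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for name, value in suspicious_params(line):
            print(f"suspicious {name}={value!r} in: {line[:60]}...")
```

A hit shows only that such a request was received; whether the value was reflected unescaped depends on the OpenX version that served it.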