xian (Approved members, 4 posts)
Posts posted by xian

  1. Hello,

     I have the same zone in 3 different places on the same page, but the problem is that the zone is showing duplicate banners. I am using the single page call method with the option "Don't show the banner again on the same page",

     with this code in the <head>:

     <script type='text/javascript' src='myadserver.com/revive3.5/www/delivery/spcjs.php?id=1&amp;block=1&amp;target=_blank'></script>

     and in the <body>, called 3 times on the same page:

     <script type='text/javascript'><!--// <![CDATA[
         OA_show(6);
     // ]]> --></script>

     <script type='text/javascript'><!--// <![CDATA[
         OA_show(6);
     // ]]> --></script>

     <script type='text/javascript'><!--// <![CDATA[
         OA_show(6);
     // ]]> --></script>

     But it is not showing different banners; it is showing duplicate banners. How do I fix it?

     Banner Delivery Cache Store Type is memcached.

     Thanks in advance.

  2. Steps to reproduce the vulnerability:

     Different kinds of ads are shown on one of the sites, and clicking on them redirects you to the respective website.
     But this redirection isn't properly sanitized, and these links are being used for redirecting to any site, including phishing and spam sites, which has caused harm such as redirecting to a phishing login page.

     Here I used ad.example.com.

     Steps:
     01. Clicking on any ad opens a new link.
     For me it is http://ad.example.com/www/delivery/ck.php?oaparams=2__bannerid=14__zoneid=6__cb=1e354023f6__oadest=http://www.yahoo.com
     Here we see that ck.php has multiple parameters.

     02. The last parameter for ck.php is "oadest=" (excluding the ").

     03. In the oadest parameter a URL is given. We can put any URL there and it will redirect to that:
     http://ad.example.com/www/delivery/ck.php?oaparams=2__bannerid=14__zoneid=6__cb=1e354023f6__oadest=http://www.google.com
     It redirects to Google.

     04. Now I tried to see what happens if I remove the oadest parameter.
     If I remove it, the link is redirected to the correct site:
     http://ad.example.com/www/delivery/ck.php?oaparams=2__bannerid=14__zoneid=6__cb=1e354023f6

     05. Then I tried what happens if I remove all the parameters except oadest:
     http://ad.example.com/r/www/delivery/ck.php?oadest=http://www.google.com
     and it is redirecting to Google once again.

     06. I think it can be more serious: if we try with ../ it redirects to the admin panel.
     http://ad.example.com/www/delivery/ck.php?oadest=../?

     Now this vulnerability has been used to do phishing and spam attacks, claiming that it is a link from the corresponding website and therefore trusted, and then it asks for a login on a phishing site.

     Please provide us a fix for it ASAP.
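The report above boils down to an unvalidated redirect target: ck.php forwards the browser to whatever oadest contains, whether it arrives packed inside oaparams or as a bare query parameter. The following Python is an added example, not part of the forum thread and not Revive Adserver's own code. It shows the two things an operator of such a click tracker would want: an allow-list check on the destination (absolute http(s) URL, host known to the ad server) before any redirect is issued, and a scan over access-log lines that flags click requests whose oadest falls outside that allow-list. The allow-list contents, the ad.example.com host and the log lines are constructed for the example; the URL shapes are those from the report.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical allow-list of advertiser hosts a click may be forwarded to.
# This is an assumption for the example, not a Revive Adserver setting.
ALLOWED_HOSTS = {"www.yahoo.com", "www.example-advertiser.com"}

# Constructed access-log lines (common log format) for the detection part.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2023:13:55:36 +0000] "GET /www/delivery/ck.php?oaparams=2__bannerid=14__zoneid=6__cb=1e354023f6__oadest=http://www.yahoo.com HTTP/1.1" 302 -',
    '203.0.113.9 - - [10/Oct/2023:13:56:01 +0000] "GET /www/delivery/ck.php?oadest=http://www.google.com HTTP/1.1" 302 -',
    '203.0.113.9 - - [10/Oct/2023:13:56:10 +0000] "GET /www/delivery/ck.php?oadest=../? HTTP/1.1" 302 -',
    '203.0.113.7 - - [10/Oct/2023:13:57:00 +0000] "GET /www/delivery/ajs.php?zoneid=6 HTTP/1.1" 200 512',
]


def extract_oadest(url):
    """Return the oadest value from a ck.php URL, or None if there is none.

    Handles both forms seen in the report: the packed
    oaparams=2__bannerid=..__oadest=... form and a bare ?oadest=... parameter.
    In the packed form everything after the first '__oadest=' is taken as the
    destination, so a '__' inside the destination URL is preserved.
    """
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    if "oadest" in query:
        return query["oadest"][0]
    for packed in query.get("oaparams", []):
        _, sep, dest = packed.partition("__oadest=")
        if sep:
            return dest
    return None


def is_safe_destination(dest, allowed_hosts=ALLOWED_HOSTS):
    """Accept only absolute http(s) URLs whose host is on the allow-list.

    Relative values such as '../' (which would stay on the ad server itself),
    scheme-less '//host' values and unknown hosts are all rejected.
    """
    parts = urlsplit(dest)
    if parts.scheme not in ("http", "https"):
        return False
    if not parts.hostname:
        return False
    return parts.hostname.lower() in allowed_hosts


def resolve_click(url, fallback="/"):
    """Where a click should land: the validated oadest, else a safe fallback."""
    dest = extract_oadest(url)
    if dest is not None and is_safe_destination(dest):
        return dest
    return fallback


def find_suspicious_clicks(log_lines, allowed_hosts=ALLOWED_HOSTS):
    """Return (request_path, oadest) for log lines whose oadest is off the allow-list."""
    hits = []
    for line in log_lines:
        fields = line.split()
        if len(fields) < 7:
            continue
        path = fields[6]  # request target in common log format
        if "ck.php" not in path:
            continue
        # The log holds only the path; prefix the ad server origin so the URL parses.
        dest = extract_oadest("http://ad.example.com" + path)
        if dest is not None and not is_safe_destination(dest, allowed_hosts):
            hits.append((path, dest))
    return hits


if __name__ == "__main__":
    for path, dest in find_suspicious_clicks(SAMPLE_LOG):
        print(f"off-allow-list redirect: {path} -> {dest}")
```

The allow-list is keyed on the host rather than the full URL so that campaign landing pages can change without touching the check, while still closing the case where the redirect target is any arbitrary site or a relative path back into the ad server. Running the detection over real logs would use the same two functions on each request line, with the allow-list populated from the advertiser hosts actually configured in the ad server.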
