Jump to content

Search the Community

Showing results for tags 'axmlrpc'.



More search options

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Using and Managing Revive Adserver
    • Documentation
    • Using Revive Adserver
    • Managing Revive Adserver
    • Bugs
  • Advanced Topics
    • Performance, Scalability, and Reliability
    • For Developers
  • Revive Adserver Community
    • Revive Adserver Project News and Announcements
    • Feature Requests
    • Plugins
    • Requests for Consulting
    • Off Topic

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


Website URL

Found 1 result

  1. My organization has recently undergone a security incident having to do with our openx server (we use version 2.8.7). What we know - 1. The attacker most probably exploited SQL Injection vulnerability in axmlrpc.php as an enrty point into our organization. 2. From there he went on to modify 2 files in /var/cache to contain malicious code in the "compiledlimitation" key. (This code created a web shell in the plugins directory). 3. Besides the shell created by the malicious files in /var/cache he was also able to create another shell in the plugins directory. This is a publicly available shell, known to be used in the context of openx (https://www.badwarebusters.org/stories/show/19972), titled "Web Shell by oRb". we have no idea how it was created. 4. After a few days the attacker modified the contents of \openx\plugins\deliveryCacheStore\oxCacheFile\oxCacheFile.delivery.php to contain code that infects the openx cache in a way that creates another entry in /var/cache which causes openx to server malicious iframes to users. The attacker modified the oxCacheFile.delivery.php file to contain the code that can be found here: http://ninjafirewall.com/malware/?threat=2014-02-20.01 Our Database and openx installations are on different servers. We have no idea how the attacker was able to create the malicious files in \var\cache or how he was able to modify the contents of oxCacheFile.delivery.php. Does anyone have experience with this type of attack vector? Any help you can provide in understanding the what happened would be greatly appreciated. Thanks,
×
×
  • Create New...