Revive Adserver (formerly OpenX) zero-day actively exploited in the wild

A zero-day vulnerability that allows attackers to gain back-end access to popular open-source advertising server OpenX Source has been discovered by Florian Sander, founder of the continuous checklist tool Checkpanel.

When I asked if he knew how widespread the attacks are, Sander said he didn’t. 

“Reports of compromised servers are common in OpenX’s forums, but people are often using way outdated versions so it is hard to tell if this or older vulnerabilities are responsible,” he said, adding that the attack has been used approximately three times on their servers since September.

“The goal of the attackers is usually to use the ad server to spread malicious code. Ad servers are a great target for this, since they are often in a position to inject code in multiple websites,” he explained. “It depends on the attacker what exactly the goal is, but it is common to spread browser exploits or replace ads by the attacker’s own ads to make a profit.”