Together with Florian I have recently investigated a security issue in OpenX where attackers could drop a web shell onto the server. Heise is covering the story. Unfortunately the posting suggests that this is an issue with register_globals set to “on” only, which is NOT the case.
Watch out!
:)
Leave a Reply
You must be logged in to post a comment.