OpenX 2.8.10/2.8.11 XML-RPC Delivery Invocation Script www/delivery/axmlrpc.php what sql injection
CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
---|---|---|
6.8 | $0-$5k | 0.00 |
A vulnerability, which was classified as critical, was found in OpenX 2.8.10/2.8.11. This affects some unknown functionality of the file www/delivery/axmlrpc.php of the component XML-RPC Delivery Invocation Script. The manipulation of the argument what
with an unknown input leads to a sql injection vulnerability. CWE is classifying the issue as CWE-89. The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. This is going to have an impact on confidentiality, integrity, and availability. The summary by CVE is:
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter to an XML-RPC method.
The weakness was shared 12/18/2013 by Florian Sander as Revive Adserver v3.0.2 Release Notes as confirmed advisory (Website). It is possible to read the advisory at revive-adserver.com. This vulnerability is uniquely identified as CVE-2013-7149 since 12/19/2013. It is possible to initiate the attack remotely. No form of authentication is needed for exploitation. Technical details and a private exploit are known. The attack technique deployed by this issue is T1505 according to MITRE ATT&CK.
It is declared as highly functional. A worm is spreading, which is automatically exploiting this vulnerability. By approaching the search of inurl:www/delivery/axmlrpc.php it is possible to find vulnerable targets with Google Hacking. The vulnerability scanner Nessus provides a plugin with the ID 71603 (FreeBSD : OpenX -- SQL injection vulnerability (3e33a0bb-6b2f-11e3-b042-20cf30e32f6d)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family FreeBSD Local Security Checks.
Upgrading eliminates this vulnerability. A possible mitigation has been published 2 days after the disclosure of the vulnerability. The advisory contains the following remark:
In case the upgrade cannot be performed in a timely fashion, we suggest to delete the "www/delivery/axmlrpc.php" script (if not in use) as a temporary fix until the application is upgraded.
The vulnerability is also documented in the vulnerability database at Tenable (71603).
Affected
- Revive Adserver 3.0.1
- OpenX 2.8.11
Product
Name
Version
License
CPE 2.3
CPE 2.2
CVSSv4
VulDB CVSS-B Score: 🔍VulDB CVSS-BT Score: 🔍
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 7.3VulDB Meta Temp Score: 6.8
VulDB Base Score: 7.3
VulDB Temp Score: 6.8
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
AV | AC | Au | C | I | A |
---|---|---|---|---|---|
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
---|---|---|---|---|---|
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
unlock | unlock | unlock | unlock | unlock | unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Sql injectionCWE: CWE-89 / CWE-74 / CWE-707
ATT&CK: T1505
Local: No
Remote: Yes
Availability: 🔍
Access: Private
Status: Highly functional
Wormified: 🔍
Google Hack: 🔍
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
0-Day | unlock | unlock | unlock | unlock |
---|---|---|---|---|
Today | unlock | unlock | unlock | unlock |
Nessus ID: 71603
Nessus Name: FreeBSD : OpenX -- SQL injection vulnerability (3e33a0bb-6b2f-11e3-b042-20cf30e32f6d)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
D2Sec: OpenX 2.8.11 SQL Injection
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
Reaction Time: 🔍
0-Day Time: 🔍
Exposure Time: 🔍
Timeline
12/18/2013 🔍12/19/2013 🔍
12/20/2013 🔍
12/20/2013 🔍
12/20/2013 🔍
12/21/2013 🔍
12/23/2013 🔍
12/27/2013 🔍
12/31/2013 🔍
06/04/2021 🔍
Sources
Advisory: Revive Adserver v3.0.2 Release NotesResearcher: Florian Sander
Status: Confirmed
Confirmation: 🔍
CVE: CVE-2013-7149 (🔍)
Vulnerability Center: 42739 - Revive Adserver Before 3.0.2 and Openx 2.8.11 and Earlier Remote SQL Injection Vulnerability, High
SecurityFocus: 64463
Secunia: 55963 - Revive Adserver "what" SQL Injection Vulnerability, Moderately Critical
OSVDB: 101249
scip Labs: https://www.scip.ch/en/?labs.20161013
Entry
Created: 12/21/2013 23:10Updated: 06/04/2021 14:17
Changes: 12/21/2013 23:10 (78), 01/29/2018 16:08 (3), 06/04/2021 14:17 (3)
Complete: 🔍
No comments yet. Languages: en.
Please log in to comment.