Date: Thu, 16 Oct 2014 12:33:23 +0800
From: Jing Wang <>
Subject: [FD] CVE-2014-2230 - OpenX Open Redirect Vulnerability

Exploit Title: OpenX Open Redirect Vulnerability
Product: OpenX
Vendor:  OpenX
Vulnerable Versions: 2.8.10 and probably prior
Tested Version: 2.8.10
Advisory Publication: OCT 8, 2014
Latest Update:  OCT 8, 2014
Vulnerability Type: Open Redirect [CWE-601]
CVE Reference: CVE-2014-2230
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: Solution Available
Credit: Wang Jing [Mathematics, Nanyang Technological University, Singapore]

Vulnerability Details:

OpenX's adclick.php and ck.php are vulnerable to Open Redirect attacks.

Source code of adclick.php:
$destination = MAX_querystringGetDestinationUrl($adId[0]);

The "MAX_redirect" function is bellow,
function MAX_redirect($url)
if (!preg_match('/^(?:javascript|data):/i', $url)) {
header('Location: '.$url);

The header() function sends a raw HTTP header to a client without any
checking of the "$dest" parameter at all.

(1) For "adclick.php", the vulnerability occurs with "&dest" parameter.

(2) For "ck.php", it uses "adclick.php" file. the vulnerability occurs with
"_maxdest" parameter.

2014-10-12 Public disclosure with self-written patch.


Sent through the Full Disclosure mailing list