OpenX Stats Problem
OpenX Delivery Security Update
I have been dealing with the stats being off for advertisers and publishers with a few clients for the last month. It seems the OpenX team has located the source of the problem and released a patch.
Blind SQL injection vulnerability
The problem seems to stem from a blind SQL injection vulnerability within the OpenX delivery engine, as described in OpenX security advisory OPENX-SA-2008-002. More Info.
Input passed to the “bannerid” parameter in www/delivery/ac.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
I have noted that all affected systems' stats began to come more in line with actual adview and click-through values after applying the security patch.
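To check whether non-numeric bannerid values reached ac.php before the patch went in, an administrator can scan the web server's access logs. The following is an added example, not code from OpenX or the advisory; it assumes combined-format access logs, that the parameter arrives in the URL query string, and that a legitimate bannerid consists of digits only. The function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: Apache/nginx "combined" log format (client IP first, request in quotes).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"'
)

def suspicious_bannerid_requests(lines):
    """Return (client_ip, decoded_bannerid) for every request to
    delivery/ac.php whose bannerid is not made up of digits only."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/delivery/ac.php"):
            continue  # only the script named in the advisory
        # parse_qsl percent-decodes values, so URL-encoded input is
        # compared in its decoded form.
        for key, value in parse_qsl(url.query):
            if key == "bannerid" and not re.fullmatch(r"[0-9]+", value):
                hits.append((m.group("ip"), value))
    return hits

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Dec/2008:10:00:01 +0000] '
    '"GET /www/delivery/ac.php?bannerid=42 HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Dec/2008:10:00:02 +0000] '
    '"GET /www/delivery/ac.php?bannerid=42%20AND%201%3D1 HTTP/1.1" 200 512 "-" "-"',
    '203.0.113.5 - - [10/Dec/2008:10:00:03 +0000] '
    '"GET /index.php?bannerid=abc HTTP/1.1" 200 128 "-" "-"',
]

if __name__ == "__main__":
    for ip, value in suspicious_bannerid_requests(SAMPLE_LOG):
        print(f"{ip}\tbannerid={value!r}")
```

Requests flagged this way are candidates for review, not proof of compromise; parameters sent in a POST body do not appear in access logs and are not covered.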
Upgrading the OpenX delivery engine
Upgrading the OpenX delivery engine is a fairly simple and straightforward process. You can download the patch from the OpenX website and upload the files to your server. As always, back up your files before you begin. You may also choose to upgrade your OpenX install to the latest unaffected version. You can find the files and more information here.
Getting Help
If you do not feel comfortable upgrading OpenX or the delivery engine, as always my services are affordable and timely. Feel free to contact me for more information.
















