The phpAdsNew development team has recently made version 2.0.7 available. This program is a fully open-source banner system with many different features, such as support for various ad formats, targeting options that show certain ads only on certain pages, and extensive statistics that can also be delivered as an import file. An environment with PHP and a MySQL database is required to use phpAdsNew. The included list of changes reads as follows:
phpAdsNew 2.0.7 was released to fix multiple vulnerabilities that were recently discovered. Every user is urged to upgrade!
- An SQL injection issue has been discovered by Toni Koivunen. This vulnerability is exploitable both on MySQL and PostgreSQL. Further exploitation techniques were discovered by Sigfried / Zone-H.
- Multiple HTTP response splitting vulnerabilities were found by Toni Koivunen.
- Multiple path disclosure vulnerabilities were found by Toni Koivunen.
The release also contains some other bug fixes and improvements:
- Added new database setting to allow connection to the database using sockets
- Rewrote the swf hardcoded link converter, which results in wider compatibility
- Added workaround to guarantee compatibility with PHP 4.4.1 (bug #35067, fixed in 4.4.2)
- Fixed bug which prevented stats-global-clients from working when there were many banners - bug #1267218
- Fixed bug on calculations made during priority compensation
- Compressed flash banners with version >= 6 were always saved as not compressed after the conversion
- Geotargeting wasn't working correctly under some circumstances
- GeoIP region for some reason was broken in the last release
- Fixed potential incompatibility with mod_security which could block PAN sessionid cookie
- Fixed SQL injection vulnerability with magic_quotes off in lib-session.inc.php
- Fixed multiple full path disclosure vulnerabilities
- Fixed problems with session caused by the recent changes
- Fixed potential HTTP response splitting attacks