This advisory describes a vulnerability in the permission of the directory RealMedia created as default during the installation of Open AdStream, an ad campaign management platform provided by 24/7 Real Media, which exposes directly to the Internet the configuration files, including .sql which contains access credentials. As a result, a cracker can use this flaw to install a backdoor or take the ownership of the affected component as he/she had access to all configuration files and access credentials.