
My personal OpenX notebook

  • About …

    This is the OpenX notebook of Heiko Weber. I am the author of the OpenX WordPress plugin, moderator of the German OpenX forum and a freelance OpenX consultant. You can submit a support request here at any time.

    If one of the posts was helpful, I would also be very glad of a small token of appreciation ...

Cross Site Request Forgery of the OpenX AdServer

31.07.11 (General)

Last week a possible Cross Site Request Forgery of the OpenX AdServer was found. Please see: http://www.exploit-db.com/exploits/17571/

The attached document contains a patchset I’ve just prepared to fix any of the “?????-delete.php” CSRFs – it is based on OpenX 2.8.7 and can be applied using the “patch” command.

NO WARRANTY
THE PATCHSET IS DISTRIBUTED IN THE HOPE THAT IT WILL BE USEFUL, BUT WITHOUT ANY WARRANTY. IT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

CrossSiteRequestForgeries.patch.txt.gz
