Mantis Bug Tracker
 

View Issue Details
ID: 0005959
Project: mantisbt
Category: security
View Status: public
Date Submitted: 2005-07-18 01:30
Last Update: 2006-10-09 11:55
Reporter: joxeanpiti
Assigned To: thraxisp
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Platform:
OS:
OS Version:
Product Version: 1.0.0a3
Target Version:
Fixed in Version: 1.0.0rc1
Summary: 0005959: Cross Site Scripting Vulnerability in the mantis/view_all_set.php Script
Description: The script <mantis_dir>/view_all_set.php is vulnerable to Cross Site Scripting attacks. The parameter dir is not correctly cleaned when generating the response output.
Additional Information: To try the vulnerability, log in to http://bugs.mantisbt.org and navigate to this URL:

http://bugs.mantisbt.org/view_all_set.php?sort=category&dir=ASC"><script>alert(document.cookie)</script>&type=2
Tags: No tags attached.
Attached Files: 0005959.patch (1,217 bytes) 2005-07-18 10:55

Relationships

Notes
(0010856)
joxeanpiti (reporter)
2005-07-18 10:55

I have attached a patch for this issue.

(0010862)
thraxisp (manager)
2005-07-18 15:00

Fixed in CVS. Validate and discard improperly constructed sort criteria.

core/filter_api.php -> 1.118

Note that this could affect other places where the error handler is invoked for a string or configuration constructed from input values.
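
The approach named in the fix note (validate sort criteria and discard malformed ones), together with output encoding for the error-message case it warns about, as an added PHP example. It is not taken from 0005959.patch or from MantisBT's core/filter_api.php; the function names, the allowlists and the comma-separated handling are assumptions made for illustration.

```php
<?php
// Added example with hypothetical names; not MantisBT's own code.

// Assumed allowlists. A real application would build the list of sortable
// columns from its own view configuration.
const SORT_FIELDS = ['id', 'category', 'severity', 'status', 'last_updated'];
const SORT_DIRS   = ['ASC', 'DESC'];

/**
 * Pair up comma-separated sort fields and directions and keep only pairs
 * where both values are on the allowlist. Invalid pairs are discarded,
 * never repaired, so no request text reaches the generated page.
 */
function clean_sort_criteria(string $sort, string $dir): array
{
    $fields = explode(',', $sort);
    $dirs   = explode(',', $dir);
    $clean  = [];
    foreach ($fields as $i => $field) {
        $d = strtoupper($dirs[$i] ?? '');
        if (in_array($field, SORT_FIELDS, true) && in_array($d, SORT_DIRS, true)) {
            $clean[] = [$field, $d];
        }
    }
    return $clean;
}

/** Encode a value for an HTML text or attribute context. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request values; the second dir value is the one from the report.
$requests = [
    ['sort' => 'category', 'dir' => 'asc'],
    ['sort' => 'category', 'dir' => 'ASC"><script>alert(document.cookie)</script>'],
];

foreach ($requests as $r) {
    $criteria = clean_sort_criteria($r['sort'], $r['dir']);
    if ($criteria === []) {
        // Error paths that echo a rejected value must encode it as well.
        echo 'Ignored invalid sort direction: ', h($r['dir']), PHP_EOL;
        continue;
    }
    foreach ($criteria as [$field, $d]) {
        echo "ORDER BY {$field} {$d}", PHP_EOL;
    }
}
```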

Issue History
Date Modified Username Field Change
2005-07-18 01:30 joxeanpiti New Issue
2005-07-18 09:17 joxeanpiti Issue Monitored: joxeanpiti
2005-07-18 10:55 joxeanpiti File Added: 0005959.patch
2005-07-18 10:55 joxeanpiti Note Added: 0010856
2005-07-18 15:00 thraxisp Status new => resolved
2005-07-18 15:00 thraxisp Fixed in Version => 1.0.0rc1
2005-07-18 15:00 thraxisp Resolution open => fixed
2005-07-18 15:00 thraxisp Assigned To => thraxisp
2005-07-18 15:00 thraxisp Note Added: 0010862
2005-07-23 02:10 vboctor Status resolved => closed
2006-10-09 11:55 thraxisp View Status private => public


MantisBT 1.2.0rc2 git live
Copyright © 2000 - 2010 MantisBT Group