Mantis Bug Tracker
 

View Issue Details
ID: 0006002
Project: mantisbt
Category: security
View Status: public
Date Submitted: 2005-07-23 21:47
Last Update: 2006-10-09 11:55
Reporter: joxeanpiti
Assigned To: thraxisp
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: duplicate
Platform:
OS:
OS Version:
Product Version:
Target Version:
Fixed in Version:
Summary: 0006002: Cross Site Scripting Vulnerability when deleting a bug
Description: A Cross Site Scripting Vulnerability was found in the script /bug_actiongroup_page.php when deleting it from the /view_all_bug_page.php.
Additional Information: Steps to reproduce:

1.- Insert a bug with the following summary:
 Test<script>alert(document.cookie)</script>

2.- Find it in the /view_all_bug_page.php

3.- Click the checkbox, select delete from the drop down list below and click Ok.

4.- In the next screen you will see a JavaScript 'alert' message.
Tags: No tags attached.
Attached Files: 0006002.patch (712 bytes) 2005-07-23 22:02
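
The pattern behind this report, as an added example that is neither the attached 0006002.patch nor MantisBT's own code: a confirmation page that echoes stored bug summaries, first unencoded and then HTML-encoded at output time. The function names and sample rows are constructed for illustration.

```php
<?php
// Added illustration: all names are hypothetical, not MantisBT code.
// Constructed rows; summaries are stored exactly as the reporter typed them.
$bugs = [
    ['id' => 101, 'summary' => 'Test<script>alert(document.cookie)</script>'],
    ['id' => 102, 'summary' => 'Crash on "Save" & reload'],
];

// Vulnerable: the stored summary is concatenated into the page as-is,
// so markup in it is parsed by the browser of whoever confirms the action.
function render_confirm_list_unsafe(array $bugs): string
{
    $html = "<ul>\n";
    foreach ($bugs as $bug) {
        $html .= '<li>' . $bug['id'] . ': ' . $bug['summary'] . "</li>\n";
    }
    return $html . "</ul>\n";
}

// Hardened: encode for the HTML context at the point of output and
// force the id to an integer before formatting it.
function render_confirm_list(array $bugs): string
{
    $html = "<ul>\n";
    foreach ($bugs as $bug) {
        $summary = htmlspecialchars($bug['summary'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= sprintf("<li>%07d: %s</li>\n", (int) $bug['id'], $summary);
    }
    return $html . "</ul>\n";
}

// Regression check built from the summary in the steps to reproduce.
function expect(bool $cond, string $msg): void
{
    if (!$cond) {
        throw new RuntimeException($msg);
    }
}

$unsafe = render_confirm_list_unsafe($bugs);
$safe = render_confirm_list($bugs);
expect(strpos($unsafe, '<script>') !== false, 'unsafe renderer should reproduce the issue');
expect(strpos($safe, '<script>') === false, 'encoded output must not contain a script tag');
expect(strpos($safe, '&lt;script&gt;alert(document.cookie)&lt;/script&gt;') !== false, 'summary shown as text');
expect(strpos($safe, 'Crash on &quot;Save&quot; &amp; reload') !== false, 'quotes and ampersands encoded');
echo $safe;
```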

- Relationships
duplicate of 0005751 (closed, thraxisp): Javascript XSS vulnerability

-  Notes
(0010934)
joxeanpiti (reporter)
2005-07-23 21:50

Agh! I accidentally clicked the Sponsor button!
(0010935)
joxeanpiti (reporter)
2005-07-23 22:08

I have attached a patch for the issue, called 0006002.patch.

This vulnerability may be considered non-exploitable, but an attacker can use the following method to force an administrator to delete a bug (or bugs) from the view_all_bug.php page:

1.- Insert 8 fake bugs that send the cookie to a fake system
2.- Insert one bug that sends the cookie to the attacker system
3.- Insert another 8 fake bugs.
4.- The administrator, surely, will select all the bugs from the view_all_bug.php page.
(0010992)
vboctor (administrator)
2005-07-27 18:02

joxeanpiti, please type 0 in the sponsorship field and click sponsor. This will remove your sponsorship.
(0010993)
thraxisp (manager)
2005-07-27 18:28
edited on: 2005-07-27 18:36

Actually, this is a duplicate of 0005751. It was fixed about 6 weeks ago, and is included in 1.0.0rc1.

If you can remove your sponsorship, we can close this.


- Issue History
Date Modified Username Field Change
2005-07-23 21:47 joxeanpiti New Issue
2005-07-23 21:48 joxeanpiti Issue Monitored: joxeanpiti
2005-07-23 21:49 joxeanpiti Sponsorship Added joxeanpiti: US$ 5
2005-07-23 21:49 joxeanpiti Sponsorship Total 0 => 5
2005-07-23 21:50 joxeanpiti Note Added: 0010934
2005-07-23 22:02 joxeanpiti File Added: 0006002.patch
2005-07-23 22:08 joxeanpiti Note Added: 0010935
2005-07-27 18:02 vboctor Note Added: 0010992
2005-07-27 18:28 thraxisp Note Added: 0010993
2005-07-27 18:36 thraxisp Note Edited: 0010993
2005-07-27 18:36 thraxisp Note Edited: 0010993
2005-07-27 18:44 joxeanpiti Sponsorship Deleted joxeanpiti: US$ 5
2005-07-27 18:44 joxeanpiti Sponsorship Total 5 => 0
2005-07-27 19:27 thraxisp Relationship added duplicate of 0005751
2005-07-27 19:27 thraxisp Duplicate ID 0 => 5751
2005-07-27 19:27 thraxisp Status new => resolved
2005-07-27 19:27 thraxisp Resolution open => duplicate
2005-07-27 19:27 thraxisp Assigned To => thraxisp
2005-09-11 08:12 vboctor Status resolved => closed
2006-10-09 11:55 thraxisp View Status private => public

