0006569: XSS Vulnerability in saved queries (TKADV2005-11-002)

View Issue Details [ Jump to Notes ] [ Wiki ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0006569

mantisbt

security

public

2006-01-08 09:15

2006-10-09 11:55

Reporter

thraxisp

Assigned To

thraxisp

Priority

normal

Severity

minor

Reproducibility

always

Status

closed

Resolution

fixed

Platform

OS Version

Product Version

1.0.0rc4

Target Version

Fixed in Version

1.0.0rc5

Summary

0006569: XSS Vulnerability in saved queries (TKADV2005-11-002)

Description

It is possible to embed an XSS or SQL script into the information passed to query_store.php. This will be stored in the database. It is also possible to embed an XSS script in the error message returned to query_store_page.php. This is primarily cosmetic.

From Thomas Waldegger [thomas.waldegger at morph3us dot org]

/query_store_page.php:

<?error_msg=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E>

/query_store.php:

<?query_name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E>

Temporary defacement.

Tags

No tags attached.

Attached Files

Relationships

child of

0006568

closed

thraxisp

XSS Vulnerability in saved queries (TKADV2005-11-002)

Notes
(0011879) thraxisp (manager) 2006-01-08 09:29	Fixed in CVS. query_store.php -> 1.4.14.1 query_store_page.php -> 1.6.14.1

Issue History
Date Modified	Username	Field	Change
2006-01-08 09:15	thraxisp	New Issue
2006-01-08 09:15	thraxisp	Assigned To	=> thraxisp
2006-01-08 09:15	thraxisp	Issue generated from	0006568
2006-01-08 09:16	thraxisp	Relationship added	child of 0006568
2006-01-08 09:29	thraxisp	Status	new => resolved
2006-01-08 09:29	thraxisp	Fixed in Version	=> 1.0.0rc5
2006-01-08 09:29	thraxisp	Resolution	open => fixed
2006-01-08 09:29	thraxisp	Note Added: 0011879
2006-01-17 06:33	vboctor	Status	resolved => closed
2006-10-09 11:55	thraxisp	View Status	private => public

MantisBT 1.2.0rc2 git live[^]

Time: 0.1920 seconds.
memory usage: 1,801 KB