0006570: XSS Vulnerability in saved queries (TKADV2005-11-002)

View Issue Details [ Jump to Notes ] [ Wiki ]

[ Issue History ] [ Print ]

Project

Category

View Status

Date Submitted

Last Update

0006570

mantisbt

security

public

2006-01-08 09:17

2006-10-09 11:55

Reporter

thraxisp

Assigned To

thraxisp

Priority

normal

Severity

minor

Reproducibility

always

Status

closed

Resolution

fixed

Platform

OS Version

Product Version

git trunk

Target Version

Fixed in Version

1.1.0a1

Summary

0006570: XSS Vulnerability in saved queries (TKADV2005-11-002)

Description

It is possible to embed an XSS or SQL script into the information passed to query_store.php. This will be stored in the database. It is also possible to embed an XSS script in the error message returned to query_store_page.php. This is primarily cosmetic.

From Thomas Waldegger [thomas.waldegger at morph3us dot org]

/query_store_page.php:

<?error_msg=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E>

/query_store.php:

<?query_name=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E>

Temporary defacement.

Tags

No tags attached.

Attached Files

Relationships

child of

0006568

closed

thraxisp

XSS Vulnerability in saved queries (TKADV2005-11-002)

Notes
(0011878) thraxisp (manager) 2006-01-08 09:20	Fixed in CVS. query_store.php -> 1.5 query_store_page.php -> 1.7

Issue History
Date Modified	Username	Field	Change
2006-01-08 09:17	thraxisp	New Issue
2006-01-08 09:17	thraxisp	Assigned To	=> thraxisp
2006-01-08 09:17	thraxisp	Issue generated from: 0006568
2006-01-08 09:17	thraxisp	Relationship added	child of 0006568
2006-01-08 09:20	thraxisp	Status	new => resolved
2006-01-08 09:20	thraxisp	Fixed in Version	=> 1.1.0
2006-01-08 09:20	thraxisp	Resolution	open => fixed
2006-01-08 09:20	thraxisp	Note Added: 0011878
2006-02-04 05:44	vboctor	Status	resolved => closed
2006-10-09 11:55	thraxisp	View Status	private => public

MantisBT 1.2.16dev master-1.2.x-8c2bd07 [^]

Time: 0.0701 seconds.
memory usage: 2,779 KB