View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0017698 | mantisbt | security | public | 2014-09-23 04:04 | 2014-12-22 08:22 |
Reporter | shaheemirza | Assigned To | dregad | ||
Priority | high | Severity | major | Reproducibility | always |
Status | closed | Resolution | duplicate | ||
Summary | 0017698: An Open Redirect Vulnerability discovered | ||||
Description | Hi, I have discovered an open redirect vulnerability in MantisBT. My test ground is MantisHub, and I don't know what version is in use there. Any logged-in user is vulnerable to this bug. PoC: https://root.mantishub.com/login_page.php?return=https%3A%2F%2Ftwitter.com%2Fshaheemirza I have attached a screen-recorded video. URL: https://www.dropbox.com/s/m42ngiio0ev2cy2/mantisbt-opendir.flv?dl=1 Regards, Shahee Mirza | ||||
Steps To Reproduce | https://www.dropbox.com/s/m42ngiio0ev2cy2/mantisbt-opendir.flv?dl=1 | ||||
Tags | No tags attached. | ||||
On the basis of how 0017648 was handled by @grangeway, I'm resolving this as a duplicate of 0017362. For the record, CVE-2014-6316 was assigned to this issue.

Changing relationships, as 0017648 is now used to track resolution of this issue.
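
One way to validate a login `return` parameter like the one in the report above, shown as an added example that is not MantisBT's code or its actual fix. `safe_return_path()`, the `index.php` fallback and every sample value other than the report's PoC query string are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not MantisBT code: returns $candidate only when it is a
// same-site relative reference, otherwise the fixed fallback page.
function safe_return_path(string $candidate, string $fallback = 'index.php'): string
{
    // Browsers strip tabs, newlines and leading spaces and treat "\" as "/", so
    // "/\host" or " https://host" would still leave the site. Reject them all.
    if ($candidate === '' || preg_match('/[\x00-\x20\x7f\\\\]/', $candidate) === 1) {
        return $fallback;
    }
    $parts = parse_url($candidate);
    if ($parts === false) {
        return $fallback;
    }
    // Any scheme, credentials, host or port means the target is not a local path.
    foreach (['scheme', 'user', 'pass', 'host', 'port'] as $key) {
        if (isset($parts[$key])) {
            return $fallback;
        }
    }
    // "//host/path" is scheme-relative and also leaves the site.
    if (strncmp($candidate, '//', 2) === 0) {
        return $fallback;
    }
    return $candidate;
}

// The query string from the report, decoded the way PHP fills $_GET.
parse_str('return=https%3A%2F%2Ftwitter.com%2Fshaheemirza', $query);

$samples = [
    $query['return'],               // value from the report's PoC
    '//twitter.com/shaheemirza',    // constructed: scheme-relative
    '/\\twitter.com/shaheemirza',   // constructed: backslash variant
    'https:twitter.com',            // constructed: scheme without slashes
    'view.php?id=17698',            // constructed: local page
    'my_view_page.php',             // constructed: local page
];

foreach ($samples as $value) {
    printf("%-34s => %s\n", $value, safe_return_path($value));
}
```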