View Issue Details
| Field | Value |
|---|---|
| ID | 0017012 |
| Project | mantisbt |
| Category | installation |
| View Status | public |
| Date Submitted | 2014-02-20 13:05 |
| Last Update | 2014-12-29 19:22 |
| Reporter | olimonf |
| Assigned To | dregad |
| Priority | normal |
| Severity | crash |
| Reproducibility | always |
| Status | closed |
| Resolution | fixed |
| Platform | Apache with PHP Module |
| OS | Windows |
| OS Version | 7 |
| Product Version | 1.2.16 |
| Target Version | 1.3.0-beta.1 |
| Fixed in Version | 1.3.0-beta.1 |
| Summary | 0017012: Quotes not escaped on install |
| Description | Quotes aren't escaped in Mantis installation. For example, if my MySQL server password is 'myPass123' [with the quotes], the config_inc.php file will be saved as: "$g_db_password = ''myPass123'';" causing a crash with a fatal error in Mantis (Parse error: syntax error, unexpected 'myPass123' (T_STRING)). This can happen with any vars and probably it's vulnerable to SQL Injection. |
| Steps To Reproduce | Extract a new / not installed Mantis file in your webDir |
| Tags | No tags attached. |

Strings are now escaped with addslashes() where applicable.
I don't think this could lead to injection attacks, as these variables are not used in SQL queries. If you do find such a vulnerability, kindly open a private issue on this tracker with steps to reproduce it.
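As an added example (not MantisBT's own install code), the functions below model how a line such as `$g_db_password = '...';` is written into config_inc.php with no escaping, with addslashes() as the note above describes, and with var_export(), an alternative included here only for comparison; round_trip() compiles each generated line and reports whether PHP parses it and whether the stored value survives unchanged.

```php
<?php
// Added example, not MantisBT's own code. Models how an installer writes
// "$g_<name> = '<value>';" into config_inc.php and checks whether the
// resulting PHP line still parses and reproduces the original value.

// No escaping: the raw value sits inside a single-quoted PHP literal, so a
// quote or a trailing backslash in the value breaks out of the literal.
function config_line_raw(string $name, string $value): string {
    return "\$g_$name = '$value';";
}

// addslashes(), the escaping the tracker note describes.
function config_line_addslashes(string $name, string $value): string {
    return "\$g_$name = '" . addslashes($value) . "';";
}

// var_export() emits a complete, correctly quoted PHP literal; included as an
// alternative for comparison, not as what the project uses (assumption).
function config_line_var_export(string $name, string $value): string {
    return "\$g_$name = " . var_export($value, true) . ';';
}

// Compile and run one generated line in a private scope and return the value
// it assigned, or null when PHP refuses to parse it (the reported crash).
function round_trip(string $line, string $name): ?string {
    try {
        return (function () use ($line, $name) {
            eval($line);
            return ${"g_$name"};
        })();
    } catch (ParseError $e) {
        return null;
    }
}

// Constructed samples: the reporter's quoted password, a value containing a
// double quote, and a value ending in a backslash.
$samples = ["'myPass123'", 'pa"ss', 'abc\\'];
foreach ($samples as $value) {
    foreach (['raw', 'addslashes', 'var_export'] as $mode) {
        $fn   = "config_line_$mode";
        $line = $fn('db_password', $value);
        $got  = round_trip($line, 'db_password');
        $status = $got === null ? 'PARSE ERROR'
                : ($got === $value ? 'ok' : "altered to $got");
        printf("%-10s %-40s %s\n", $mode, $line, $status);
    }
}
```

With these samples the raw form fails to parse for the quoted password and for the trailing backslash, addslashes() preserves both of those but turns the double quote into `\"` inside the single-quoted literal (so the stored value gains a backslash), and var_export() reproduces all three unchanged.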
MantisBT: master aa962973 2014-02-26 02:28
Install: escape strings in generated config_inc.php
Fixes 0017012
Affected Issues: 0017012
mod - admin/install.php

MantisBT: master 38325e28 2014-12-29 14:12
Install: escape strings inserted in config_inc.php
This ensures it is not possible to inject arbitrary PHP code into the generated config file.
Fixes 0012908, 0017012
Affected Issues: 0012908, 0017012
mod - admin/install.php