View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0009858 | mantisbt | security | public | 2008-11-19 11:03 | 2009-06-26 12:06 |
Reporter | cooper64 | Assigned To | thraxisp | ||
Priority | normal | Severity | crash | Reproducibility | N/A |
Status | closed | Resolution | fixed | ||
Product Version | 1.1.2 | ||||
Summary | 0009858: Security problem - XSS attac possible in Mantis 1.1.2 | ||||
Description | Because I got still no answer in the forum, i write in my problem here again. My provider informed me about the attack and that the file manage_proj_page.php was the attack-point. In the result my crontab was overwrite whith this entry:
Also the directory mc-root was created in the mantis directory with any files (some looks like system files - i'm not a linux-user) and a virus named: Linux Procfake. I have Mantis now completely closed. | ||||
Additional Information | Here my Log: 75.127.107.0 - - [15/Nov/2008:08:36:44 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 0 "-" "-" | ||||
Tags | No tags attached. | ||||