Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
BID:17326
Info
Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
| Bugtraq ID: | 17326 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-1577 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 31 2006 12:00AM |
| Updated: | Sep 21 2006 12:41AM |
| Credit: | r0t is credited with the discovery of these vulnerabilities. |
| Vulnerable: |
Mantis Mantis 1.0.1 Mantis Mantis 1.0 .0RC4 Mantis Mantis 1.0 .0RC3 Mantis Mantis 1.0 .0rc2 Mantis Mantis 1.0 .0rc1 Mantis Mantis 1.0 .0a3 Mantis Mantis 1.0 .0a2 Mantis Mantis 1.0 .0a1 Mantis Mantis 1.0 Mantis Mantis 1.0.0 RC5 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 |
| Not Vulnerable: | |
Discussion
Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
Mantis is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Mantis 1.0.1 and prior are considered vulnerable.
Mantis is prone to multiple cross-site scripting vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input.
An attacker may leverage these issues to have arbitrary script code executed in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks.
Mantis 1.0.1 and prior are considered vulnerable.
Exploit / POC
Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
Attackers can exploit these issues via a web client.
The following proof-of-concept examples are available:
http://www.example.com/view_all_set.php?type=1&temporary=y&do_filter_by_date=on&start_year=2006&start_month=03&start_day=[code]
http://www.example.com/view_all_set.php?type=1&temporary=y&do_filter_by_dateon&start_year=[code]
http://www.example.com/view_all_set.php?type=1&temporary=y&do_filter_by_date=on&start_year=2006&start_month=[code]
Attackers can exploit these issues via a web client.
The following proof-of-concept examples are available:
http://www.example.com/view_all_set.php?type=1&temporary=y&do_filter_by_date=on&start_year=2006&start_month=03&start_day=[code]
http://www.example.com/view_all_set.php?type=1&temporary=y&do_filter_by_dateon&start_year=[code]
http://www.example.com/view_all_set.php?type=1&temporary=y&do_filter_by_date=on&start_year=2006&start_month=[code]
Solution / Fix
Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Please see the referenced advisories for more information.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected]:[email protected].
Please see the referenced advisories for more information.
References
Mantis View_All_Set.PHP Multiple Cross-Site Scripting Vulnerabilities
References:
References:
- Mantis Homepage (Mantis)
- Mantis XSS vuln. (rakstija r0t)