Advisory ID: HTB23243
Vulnerable Version(s): 1.2.17 and probably prior
Advisory Publication: Decem
Vulnerability Type: Cross-Site Scripting, Improper Access Control, SQL Injection
CVE References: CVE-2014-9571, CVE-2014-9572, CVE-2014-9573
CVSSv2 Base Scores: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N), 4.3 (AV:N/AC:M/Au:N/C:P/I:N/A:N), 6.5 (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Discovered and Provided: High-Tech Bridge Security Research Lab

High-Tech Bridge Security Research Lab has discovered multiple vulnerabilities in MantisBT, which can be exploited to perform Cross-Site Scripting (XSS) and SQL injection attacks. An improper access control vulnerability discloses the database credentials (login and password) in plaintext.

1) Cross-Site Scripting (XSS) in MantisBT: CVE-2014-9571

Vulnerabilities described in this section can be used by attackers to steal cookies of the application's administrator and other website users. Attackers can also perform spear phishing attacks against website visitors by replacing the original content of the website with arbitrary HTML and script code, perform drive-by-download attacks by injecting malware into web pages, and bypass existing CSRF protection mechanisms.

The vulnerability exists due to insufficient filtration of input data passed via the "admin_username" and "admin_password" HTTP GET parameters to the "//install.php" script. A remote attacker can trick a logged-in user into opening a specially crafted link and execute arbitrary HTML and script code in the browser in the context of the vulnerable website.

Below are two exploitation examples that use the "alert()" JavaScript function to display the word "immuniweb":

Note that "" in the URL is changed by default during MantisBT installation. However, the admin panel URL can be brute-forced or predicted in many cases.

2) Improper Access Control in MantisBT: CVE-2014-9572

The vulnerability exists due to insufficient access restrictions to the installation script "//install.php" when the HTTP GET "install" parameter is set to "4". A remote unauthenticated attacker can access the installation script and obtain database access credentials, which are stored in plain text in hidden form fields.

An attacker can use the following URL to access the page and obtain database credentials (login and password) in plaintext:

Note that "" in the URL is changed by default during installation. Therefore, the attacker must know the location of the administrative interface in order to perform the attack. However, the admin panel URL can be brute-forced or predicted in many cases.

3) SQL Injection in MantisBT: CVE-2014-9573

The vulnerability can be used to manipulate existing SQL queries.
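For the two install.php issues in sections 1 and 2, a defender can check web access logs for requests that reach the installer with "install" set to "4" or with markup in "admin_username" / "admin_password". The following is an added example, not part of the advisory or of MantisBT; the log lines, the `ADMIN_DIR` placeholder (the advisory does not give the directory name) and the function name are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined log format). "ADMIN_DIR" is a
# placeholder: the advisory does not give the real directory name.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2015:10:00:01 +0000] "GET /mantis/ADMIN_DIR/install.php?install=4 HTTP/1.1" 200 5120 "-" "curl/7.38"
198.51.100.7 - - [01/Jan/2015:10:00:05 +0000] "GET /mantis/ADMIN_DIR/install.php?admin_username=%3Cx%3E HTTP/1.1" 200 4800 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2015:10:01:00 +0000] "GET /mantis/view.php?id=12 HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
203.0.113.9 - - [01/Jan/2015:10:02:00 +0000] "GET /mantis/ADMIN_DIR/install.php?install=4 HTTP/1.1" 404 300 "-" "Mozilla/5.0"
"""

# client address, request target and status code of one log line
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')
# characters that have no place in a user name or password sent to the installer
MARKUP = re.compile(r'[<>"\']')


def findings(log_text):
    """Return (client, outcome, reason) for each request that touches install.php."""
    out = []
    for line in log_text.splitlines():
        m = REQUEST.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        url = urlsplit(target)
        if not url.path.lower().endswith("/install.php"):
            continue
        params = parse_qs(url.query, keep_blank_values=True)  # values are URL-decoded
        reasons = []
        if "4" in params.get("install", []):
            reasons.append("install=4 (credential disclosure step)")
        for name in ("admin_username", "admin_password"):
            if any(MARKUP.search(v) for v in params.get(name, [])):
                reasons.append(f"markup in {name}")
        if not reasons:
            reasons.append("installer reachable")
        # A 2xx answer means the script ran; anything else means it was refused or is gone.
        outcome = "SERVED" if 200 <= status < 300 else "blocked"
        out.extend((client, outcome, r) for r in reasons)
    return out


if __name__ == "__main__":
    for f in findings(SAMPLE_LOG):
        print(*f, sep="\t")
```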