Mantis 1.1.3 - 'manage_proj_page' PHP Code Execution (Metasploit) | CVE-2008-4687 | Lucideus Research

Introduction
Metasploit discloses the new Mantis RCE vulnerability, which allows attackers to remotely execute code on a server running Mantis through the manage_proj_page.php page and get a reverse Meterpreter shell in return. This is a major issue, because it can give the attacker complete access to the server.

Mantis Bug Tracker
Mantis Bug Tracker is a free and open source, web-based bug tracking system. The most common use of MantisBT is to track software defects. However, MantisBT is often configured by users to serve as a more generic issue tracking system and project management tool.

MantisBT supports the sending of e-mail notifications upon changes being made to issues in the system. Users have the ability to specify the type of e-mails they receive and set filters to define the minimum severity of issues to receive notifications about. Users also have the ability to explicitly subscribe to issues that affect them.

MantisBT requires a configured web server, the PHP programming language interpreter and a relational database management system supported by MantisBT and ADOdb.

The stable branch of MantisBT (version numbers within 1.2.x) requires PHP 5.1.0 or later. For the development branch (1.3.x), the minimum PHP version is 5.3.2.

Several PHP extensions are required to enable specific functionality or for performance reasons; the extension for the RDBMS being used (i.e. mysqli) is mandatory.

Workflow
We set up Mantis Bug Tracker on an XAMPP server, then added the Ruby exploit module, downloaded from exploit-db.com, to the Metasploit Framework. The exploit sends malicious code to the Mantis manage_proj_page.php page, which causes the server to open a reverse connection to our Metasploit listener and gives us a Meterpreter shell.
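For defenders, requests of the kind this workflow sends to manage_proj_page.php can be hunted for in web server access logs. The scanner below is an added example, not code from the original post or from the Metasploit module; it assumes, from the public CVE-2008-4687 description rather than from this page, that the injected code travels in the `sort` query parameter, and its log lines and allowlist pattern are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /mantis/manage_proj_page.php?sort=name&dir=ASC HTTP/1.1" 200 5120
192.0.2.10 - - [01/Jan/2024:10:00:05 +0000] "GET /mantis/view_all_bug_page.php HTTP/1.1" 200 9120
198.51.100.7 - - [01/Jan/2024:10:02:11 +0000] "GET /mantis/manage_proj_page.php?sort=name%3BPLACEHOLDER%28%29 HTTP/1.1" 200 312
198.51.100.7 - - [01/Jan/2024:10:02:15 +0000] "POST /mantis/manage_proj_page.php?sort=%5D&dir=ASC HTTP/1.1" 500 0
"""

REQUEST_RE = re.compile(
    r'^(?P<src>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
TARGET_PAGE = "manage_proj_page.php"
# Assumption: a legitimate sort value is a plain column name.
SAFE_SORT = re.compile(r"[A-Za-z_]{1,32}")


def suspicious_requests(log_text):
    """Return requests to the target page whose decoded sort value is not a plain name."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line this parser understands
        url = urlsplit(m["target"])
        if not url.path.lower().endswith("/" + TARGET_PAGE):
            continue
        # parse_qs percent-decodes values, so encoded punctuation is visible here.
        params = parse_qs(url.query, keep_blank_values=True)
        for value in params.get("sort", []):
            if not SAFE_SORT.fullmatch(value):
                hits.append({
                    "src": m["src"],
                    "method": m["method"],
                    "status": int(m["status"]),
                    "sort": value,
                })
    return hits


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string, so a value sent in a POST body is invisible to this check and needs request-body logging or a WAF rule instead.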

This demo helps people who are preparing for the LCEH exam or OSCP. This type of vulnerable machine can come up as a 10-mark machine in the exam, so make sure you give it a shot.

Lab Environment
Machine: Kali Linux 18.1
Victim’s Machine: Mantis running on XAMPP (Windows 8.1 x64 PRO)

POC Video
