MantisBT Installation Page Exposure Scanner

This scanner detects the use of MantisBT Installation Page in digital assets.

Short Info

Level: High
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 17 days 21 hours
Scan only one: URL
Toolbox: -

MantisBT is a popular open-source web-based bug tracking system used by developers and IT teams worldwide to track software defects. It is widely utilized in both small and large projects, from personal development to enterprise-level applications. The software is used mainly to improve the quality of software projects by managing the bug reporting and resolving process. Companies rely on MantisBT for its flexibility, ease of use, and customizable features that support multiple user roles and integrations. It is employed by software development companies, IT departments, and project management teams to streamline defect tracking and enhance collaboration among developers. MantisBT's rich feature set and open-source model make it an attractive choice for organizations looking to adopt a cost-effective issue management system.

The vulnerability detected by this scanner is the exposure of the MantisBT installation page as a result of misconfiguration. The exposure occurs when the installation script, intended only for initial setup, remains reachable after the application has been set up, and so may reveal sensitive information. The installation page can contain debugging output or database connection details that should not be readable by anyone. Anyone who can reach the page can read that information and use it against the system. Securing or removing the installation page after setup is therefore essential to prevent unintended disclosure of setup details. The risk posed by this issue highlights the importance of sound configuration and hardening practices for web applications.

Technically, the MantisBT installation script is reached by sending an HTTP GET request to the path '/admin/install.php'. If this file is not removed or access-controlled after installation, attackers can open it and use whatever information it exposes to compromise the system. The scanner sends that request and inspects the response for the HTTP status code, specific identifiable text strings in the page body, and response headers that together indicate the installation page is being served without access control. A response that confirms the installation page exists and is readable, rather than returning a denial, a redirect to a login page, or a not-found status, is reported as an exposure.
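The following is an added example for an asset owner who wants to verify their own MantisBT deployment; it is not the scanner's own code. It applies the check described above to a captured response: a GET against '/admin/install.php' is judged exposed only when it returns HTTP 200 and the body carries installer markers, while denials, redirects and not-found responses are treated as gated or removed. The marker strings, the sample responses and the helper names are assumptions constructed for this example.

```python
"""Decide whether a MantisBT installer page is still reachable.

Added example for asset owners checking their own deployments; it is not
the vendor scanner's code.  Indicator strings and sample responses below
are constructed for illustration.
"""
import urllib.error
import urllib.request
from dataclasses import dataclass

INSTALL_PATH = "/admin/install.php"

# Assumed installer markers: confirm them against the installer page of the
# MantisBT version that is actually deployed before relying on them.
INSTALL_INDICATORS = (
    "mantisbt installation",
    "checking installation",
)


@dataclass(frozen=True)
class Verdict:
    exposed: bool
    reason: str


def classify_install_response(status: int, headers: dict, body: str) -> Verdict:
    """Return an exposure verdict for one GET response against INSTALL_PATH."""
    # Explicit denial: the path is gated by authentication or access control.
    if status in (401, 403):
        return Verdict(False, f"access denied (HTTP {status})")
    # Redirect (typically to a login page): the installer is not served directly.
    if status in (301, 302, 303, 307, 308):
        target = headers.get("Location", "") or "unspecified location"
        return Verdict(False, f"redirected to {target}")
    # Installer removed after setup, which is the expected hardened state.
    if status in (404, 410):
        return Verdict(False, f"installer absent (HTTP {status})")
    if status != 200:
        return Verdict(False, f"unexpected status {status}")
    # HTTP 200 alone is not enough: a catch-all page could answer any path,
    # so require installer markers in the body as well.
    lowered = body.lower()
    hits = [marker for marker in INSTALL_INDICATORS if marker in lowered]
    if hits:
        return Verdict(True, "HTTP 200 with installer markers: " + ", ".join(hits))
    return Verdict(False, "HTTP 200 but no installer markers found")


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Stop urllib from following redirects so we can classify the 3xx itself."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def check_own_instance(base_url: str, timeout: float = 10.0) -> Verdict:
    """Fetch INSTALL_PATH on a deployment you administer and classify it."""
    opener = urllib.request.build_opener(_NoRedirect)
    url = base_url.rstrip("/") + INSTALL_PATH
    try:
        with opener.open(url, timeout=timeout) as resp:
            body = resp.read().decode("utf-8", errors="replace")
            return classify_install_response(resp.status, dict(resp.headers), body)
    except urllib.error.HTTPError as err:
        # 3xx/4xx/5xx arrive here; classify them like any other response.
        body = err.read().decode("utf-8", errors="replace")
        return classify_install_response(err.code, dict(err.headers), body)


# Constructed sample responses (status, headers, body) for offline use.
SAMPLES = {
    "exposed": (200, {"Content-Type": "text/html"},
                "<html><head><title>MantisBT Installation</title></head>"
                "<body><h1>Checking Installation</h1></body></html>"),
    "removed": (404, {"Content-Type": "text/html"}, "Not Found"),
    "gated": (302, {"Location": "/login_page.php"}, ""),
    "catch_all": (200, {"Content-Type": "text/html"}, "<html>Welcome</html>"),
}


def audit_samples() -> dict:
    """Classify every constructed sample; only 'exposed' should be flagged."""
    return {name: classify_install_response(*resp) for name, resp in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in audit_samples().items():
        print(f"{name:10s} exposed={verdict.exposed}  {verdict.reason}")
```

The 'catch_all' sample is included because a server that answers every path with HTTP 200 would otherwise be reported as exposed on status alone; requiring installer markers in the body keeps the check honest. Run check_own_instance("https://your-mantisbt-host") only against a deployment you administer.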

If exploited by malicious actors, this vulnerability could give unauthorized users insight into the system's configuration. They might obtain critical information such as database connection strings, permission settings, or other configuration parameters left in the installation script. That information could in turn support more targeted attacks against the organization's infrastructure, with data breaches, unauthorized access, and significant service disruption as possible outcomes. Removing or access-controlling the installation page after setup closes off these scenarios.
