View Issue Details

ID: 0004063
Project: mantisbt
Category: security
View Status: public
Last Update: 2006-10-09 11:54
Reporter: joxeanpiti
Assigned To: masc
Priority: normal
Severity: major
Reproducibility: always
Status: closed
Resolution: fixed
Product Version: 0.19.0a1
Fixed in Version: 0.19.0rc1
Summary: 0004063: Possible E-Mail Bomber
Description

We can create a simple program to send too many e-mails to the same e-mail address by simply changing the username.

For example:

1. Navigate to http://bugs.mantisbt.org/signup_page.php
2. In the username field type test0
3. In the e-mail type test@test.com
4. Send it.

1. Navigate to http://bugs.mantisbt.org/signup_page.php
2. In the username field type test1
3. In the e-mail type test@test.com
4. Send it.

...

Additional Information

You need a filter. You don't need to send more than 3 e-mails to any person.

Tags: No tags attached.

Relationships

child of 0003987 (closed, vboctor): Mantis 0.19.0 Release

Activities

joxeanpiti

2004-07-10 12:14

reporter   ~0005974

Last edited: 2004-07-10 12:20

I created a simple program in PHP to test it. I sent myself 15 e-mails in a second!

Please, correct it.

When you correct the bug I will publish the sample program.

edited on: 07-10-04 12:20

vboctor

2004-07-13 17:19

manager   ~0006029

We should use a tool to verify that the form is being filled by a human. A script like the following can be used to achieve that:

http://www.nogajski.de/horst/php/captcha/index.php

masc

2004-07-18 13:47

reporter   ~0006124

Victor,
because I'm working on the signup pages (password...), I can add the feature you proposed as well. I think it can be interesting.
Let me know.

vboctor

2004-07-18 17:08

manager   ~0006126

Marcello, please go ahead.

thraxisp

2004-08-15 10:45

reporter   ~0006993

Fixed with the change in 0000633.