| Anonymous | Login | Signup for a new account | 2013-05-19 17:43 EDT |  |
| Main | My View | View Issues | Change Log | Roadmap | Wiki | ManTweet | Repositories |
| View Issue Details [ Jump to Notes ] [ Wiki ] | [ Issue History ] [ Print ] | ||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||
| 0004063 | mantisbt | security | public | 2004-07-10 12:02 | 2006-10-09 11:54 | ||||
| Reporter | joxeanpiti | ||||||||
| Assigned To | masc | ||||||||
| Priority | normal | Severity | major | Reproducibility | always | ||||
| Status | closed | Resolution | fixed | ||||||
| Platform | OS | OS Version | |||||||
| Product Version | 0.19.0a1 | ||||||||
| Target Version | Fixed in Version | 0.19.0rc1 | |||||||
| Summary | 0004063: Possible E-Mail Bomber | ||||||||
| Description | We can create a simple program to send too many e-mails to any the same e-mail address by simply changing the username. For example : 1.-Navigate to http://bugs.mantisbt.org/signup_page.php [^] 2.- In the username field type test0 3.- In the e-mail type test@test.com 4.- Send it. 1.-Navigate to http://bugs.mantisbt.org/signup_page.php [^] 2.- In the username field type test1 3.- In the e-mail type test@test.com 4.- Send it. ... | ||||||||
| Additional Information | You need a filter. You don't need to send more than 3 e-mails to any person. | ||||||||
| Tags | No tags attached. | ||||||||
| Attached Files | |||||||||
 Relationships |
 Notes |
|
 (0005974)joxeanpiti (reporter) 2004-07-10 12:14 edited on: 2004-07-10 12:20 |
I create a simple program in PHP to test it. ¡I send me 15 e-mails in a second! Please, correct it. When you correct the bug I will publish the sample program. edited on: 07-10-04 12:20 |
 (0006029)vboctor (administrator) 2004-07-13 17:19 |
We should use a tool to verify that the form is being filled by a human. A script like the following can be used to achieve that: http://www.nogajski.de/horst/php/captcha/index.php [^] |
 (0006124)masc (developer) 2004-07-18 13:47 |
Victor, cause I'm working on the signup pages (password...), I can add the feature you proposed as well. I think it can be interesting. Let me know. |
|
(0006126) vboctor (administrator) 2004-07-18 17:08 |
Marcello, please go ahead. |
 (0006993)thraxisp (manager) 2004-08-15 10:45 |
fixed with the change in 0000633. |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2004-07-10 12:02 | joxeanpiti | New Issue | |
| 2004-07-10 12:14 | joxeanpiti | Note Added: 0005974 | |
| 2004-07-10 12:20 | joxeanpiti | Note Edited: 0005974 | |
| 2004-07-10 17:13 | vboctor | Severity | feature => major |
| 2004-07-10 17:13 | vboctor | Product Version | => 0.19.0a1 |
| 2004-07-10 17:13 | vboctor | Summary | Posible E-Mail Bomber => Possible E-Mail Bomber |
| 2004-07-10 18:41 | vboctor | Category | email => security |
| 2004-07-13 17:19 | vboctor | Note Added: 0006029 | |
| 2004-07-18 13:47 | masc | Note Added: 0006124 | |
| 2004-07-18 13:49 | joxeanpiti | Note Added: 0006125 | |
| 2004-07-18 13:51 | joxeanpiti | Note Deleted: 0006125 | |
| 2004-07-18 17:08 | vboctor | Note Added: 0006126 | |
| 2004-07-18 17:08 | vboctor | Assigned To | => masc |
| 2004-07-18 17:08 | vboctor | Status | new => assigned |
| 2004-07-23 18:38 | grangeway | Relationship added | child of 0003987 |
| 2004-08-06 11:31 | jlatour | Note Added: 0006715 | |
| 2004-08-08 11:08 | jlatour | Note Deleted: 0006715 | |
| 2004-08-15 10:45 | thraxisp | Note Added: 0006993 | |
| 2004-08-15 10:45 | thraxisp | Status | assigned => resolved |
| 2004-08-15 10:45 | thraxisp | Resolution | open => fixed |
| 2004-08-15 10:45 | thraxisp | Fixed in Version | => 0.19.0rc1 |
| 2004-08-29 01:50 | vboctor | Status | resolved => closed |
| 2006-10-09 11:54 | thraxisp | View Status | private => public |
|
Issue History |
| MantisBT 1.2.16dev master-1.2.x-8c2bd07 [^]
Copyright © 2000 - 2013 MantisBT Team
Time: 0.1103 seconds. memory usage: 2,828 KB |
|