0006275: SQL injection

ID	Project	Category	View Status	Date Submitted	Last Update
0006275	mantisbt	security	public	2005-09-20 07:22	2006-10-09 11:55

Reporter	vboctor	Assigned To	vboctor
Priority	normal	Severity	minor	Reproducibility	always
Status	closed	Resolution	fixed
Product Version	1.0.0rc2
Fixed in Version	1.0.0rc3

Summary	0006275: SQL injection
Description	This issue was reported by discojonny. It is the lost_pwd.php and lost_pwd_page.php even if lost_pwd_page.php has been selected to validate emails are in the correct format the user can still gain hashes. POC Error generated: - http://bugs.mantisbt.org/lost_pwd.php?username='&email='test@test.com' http://bugs.mantisbt.org/lost_pwd.php?username=steve&email='xyz@xyz.com http://bugs.mantisbt.org/lost_pwd.php?username='[SQL GOES HERE]&email='test@test.com' http://127.0.0.1/lost_pwd.php?username=Steve&email=a'[SQL GOES HERE]
Tags	No tags attached.

vboctor 2005-10-28 20:01 manager ~0011561	Fixed on 0.19.3, 1.0.0rc3 and main branch lost_pwd.php -> 1.5.6.1