-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Joxean Koret <[EMAIL PROTECTED]> wrote:
(answer redirected to savane-dev) > Hi! > > I'm Joxean Koret and I have been found a vulnerability in the Savanae > product. The vulnerability is explained bellow. Well, it's quite easy to sue the originator of this trouble, as it is fully logged. The wording vulnerability should be reserved for real unplanned behavior, not planned behavior that could be abused. Otherwise, you could say that any phone is vulnerable as you can flood people with phones. Since there's is no way for the flooder to modify the content of the send mail, there's no real interest in such flood. But feel free to post a bug report on the savane tracker. > > E-Mail Flood ~~~~~~~~~~~~ > > The 'forgot your password?' feature allows a remote user to load a > certain URL to cause the service to send a validation e-mail to the > specified user's e-mail address. There is no limit to the number of > messages sent over a period of time, so a remote user can flood > the target user's secondary e-mail address. E-Mail Flood, E-Mail bomber. > > The following is a "Proof Of Concept" of this vulnerability: > > [EMAIL PROTECTED] while [ true ]; do > > wget > https://gna.org/account/lostpw-confirm.php?form_loginname=joxean > > done > > Other websites has been fixed these issues by limiting the number > e-mails that can be sended in an hour, day, etc... or by using a > CAPTCHA > (http://www.captcha.net/) method. For PHP (the language in which GForge > is based) you can use a modification of the following good script, > http://www.phpclasses.org/browse/file/4147.html. This is only a proof of > concept of a CAPTCHA method that may help. I'm not the author of > the script so, I'm not responsible if you uses without luck, sorry. > > Examples of other website that were vulnerables are GMail > (http://securitytracker.com/alerts/2005/Jan/1012749.html), Bugzilla > (https://bugzilla.mozilla.org/show_bug.cgi?id=250897) or Oracle > Corporation (sorry, no link availabe ;) ). > > Regards, > Joxean Koret > > - -- Mathieu Roy +---------------------------------------------------------------------+ | General Homepage: http://yeupou.coleumes.org/ | | Computing Homepage: http://alberich.coleumes.org/ | | Not a native english speaker: | | http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english | +---------------------------------------------------------------------+ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.5 (GNU/Linux) iD8DBQFCbdTpNl9/9y2hmbkRAo0lAJ46SanLmQoY7J3HcK+LmGkroTUKOACePU12 zkNMyxf9U8W1RXhnzfXSz1Y= =pPRh -----END PGP SIGNATURE----- _______________________________________________ Savane-dev mailing list [email protected] https://mail.gna.org/listinfo/savane-dev
