URL:
<http://gna.org/bugs/?func=detailitem&item_id=2530>
Summary: "Forgot your password" feature allows email box
flood
Project: Savane
Submitted by: joseanpiti
Submitted on: Sun 06/26/2005 at 02:44
Category: Web Frontend
Priority: C - Normal
Severity: 2 - Minor
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Release:
Planned Release:
_______________________________________________________
Details:
The 'forgot your password?' feature allows a remote user to load a certain
URL to cause the service to send a validation e-mail to the specified user's
e-mail address. There is no limit to the number of messages sent over a period
of time, so a remote user can flood the target user's secondary e-mail address
(e-mail flood / e-mail bomber).
The following is a "Proof Of Concept" of this vulnerability:
[EMAIL PROTECTED] while true; do
>     # every request triggers one confirmation e-mail to the target's address
>     wget 'https://gna.org/account/lostpw-confirm.php?form_loginname=joxean'
> done
Attached is a patch for the lostpw-confirm.php script and also an SQL script
to create a simple table to control the confirmation emails that can be
sent in an hour.
With this patch any user can send 3 confirmation emails per hour. This is
sufficient, I think.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Sun 06/26/2005 at 02:44 Name: forgot-your-password-patch.tar.gz Size:
944B By: joseanpiti
Patch for the lostpw-confirm.php script and SQL script to create a table that
the scripts needs.
<http://gna.org/bugs/download.php?item_id=2530&item_file_id=139>
_______________________________________________________
Reply to this item at:
<http://gna.org/bugs/?func=detailitem&item_id=2530>
_______________________________________________
Message sent via/by Gna!
http://gna.org/
_______________________________________________
Savane-dev mailing list
[email protected]
https://mail.gna.org/listinfo/savane-dev
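The report's fix (a small SQL table recording confirmation mails, with at most three per login name per hour) can be illustrated as follows. This is an added example, not the patch attached to the bug report and not Savane's own code: it models the same throttle in Python on an in-memory SQLite database, and the table name `lostpw_confirm_log`, its columns, and the function names are assumptions made here.

```python
"""Rate-limited 'forgot your password' confirmation handler (illustration).

Added example, not the attached patch: it implements the limit the report
proposes (3 confirmation e-mails per login name per hour) by logging each
send in a SQL table and counting rows inside a sliding one-hour window.
Table/column names are assumptions; SQLite stands in for the real database.
"""
import sqlite3
import time

MAX_MAILS_PER_HOUR = 3       # limit proposed in the report
WINDOW_SECONDS = 3600        # one hour

SCHEMA = """
CREATE TABLE IF NOT EXISTS lostpw_confirm_log (
    loginname TEXT    NOT NULL,
    sent_at   INTEGER NOT NULL      -- unix timestamp of the send
);
CREATE INDEX IF NOT EXISTS lostpw_confirm_log_idx
    ON lostpw_confirm_log (loginname, sent_at);
"""


def open_db():
    """Create the throttle table in a fresh in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def mails_sent_in_window(conn, loginname, now):
    """Number of confirmation mails sent to `loginname` in the last hour."""
    row = conn.execute(
        "SELECT COUNT(*) FROM lostpw_confirm_log "
        "WHERE loginname = ? AND sent_at > ?",
        (loginname, now - WINDOW_SECONDS),
    ).fetchone()
    return row[0]


def request_lostpw_confirm(conn, loginname, send_mail, now=None):
    """Handle one lostpw-confirm request.

    Returns True if a confirmation mail was sent, False if the request was
    throttled. `send_mail(loginname)` is the mail-sending callback.
    """
    if now is None:
        now = int(time.time())
    # Drop rows older than the window so the table does not grow unbounded.
    conn.execute(
        "DELETE FROM lostpw_confirm_log WHERE sent_at <= ?",
        (now - WINDOW_SECONDS,),
    )
    if mails_sent_in_window(conn, loginname, now) >= MAX_MAILS_PER_HOUR:
        conn.commit()
        return False
    # Record the send before mailing so a crash mid-send still counts.
    conn.execute(
        "INSERT INTO lostpw_confirm_log (loginname, sent_at) VALUES (?, ?)",
        (loginname, now),
    )
    conn.commit()
    send_mail(loginname)
    return True


def simulate_flood(conn, loginname, attempts, now):
    """Replay the report's wget loop: `attempts` requests at the same instant.

    Returns how many confirmation mails actually went out.
    """
    sent = []
    for _ in range(attempts):
        request_lostpw_confirm(conn, loginname, sent.append, now=now)
    return len(sent)


if __name__ == "__main__":
    db = open_db()
    t0 = int(time.time())
    print("mails sent during a 50-request flood:", simulate_flood(db, "joxean", 50, t0))
    print("allowed again one hour later:",
          request_lostpw_confirm(db, "joxean", lambda u: None, now=t0 + WINDOW_SECONDS + 1))
```

The count-then-insert sequence is a check-then-act race on a multi-process web server: two requests arriving together can both see two rows and both send. On a real database run the SELECT and INSERT in one transaction with an appropriate lock, or use an atomic conditional insert, rather than relying on the single SQLite connection used here.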