This is a detailed technical writeup describing a Host header attack vulnerability in MantisBT 1.2.19, allowing unauthenticated account hijacking via password reset link poisoning. The advisory includes step-by-step exploitation details, root cause analysis, and mitigation recommendations.
Classification
Writeup 95%
Attack Type
Auth Bypass
Complexity
Moderate
Reliability
Reliable
Target:MantisBT 1.2.19
No auth needed
Prerequisites:victim's username and email · controlled remote host to capture the verification hash