Check out my previous articles on P4 bugs: Part 1, Part 2, Part 3, Part 4, Part 5, Part 6
Hi everyone, I am socalledhacker, a security researcher, penetration tester, certified ethical hacker and a web3 noob. In past months I have discovered lots of bugs, but in today's article we are going to discuss the Long String DoS Attack, which I discovered recently. So without further delay, let's start....
Long String DoS Attack
Recently I got a bounty for a bug which is a DoS. This is the first time I got a bounty for a DoS bug; usually companies mark DoS as out of scope. I found this bug in a self-hosted program, so due to program policy I can't disclose the program name, but let's say the program name is example.com.
While testing different features and functions I got nothing, but my instincts said there was a bug in this program, so I kept pushing the boundaries. Usually I don't look for bugs like DoS, but I thought, let's give it a shot.
There is a feature in the site to password protect your shop. With this function you can put a password on your shop, which makes the shop private and hides it from public access.
Now you're thinking it right. First, I sent the request to the Burp Suite Repeater tab, put a long string of about 70-80 characters in the password field and checked the response: it was 200 OK, which means there is no server-side character limit on the password field.
It's time to attack. I put a very long string of about 10MB in the password field and sent the request to the server, and it returned a response with status code 500. Boom, it's a successful DoS attack. If you are wondering how I knew the string was about 10MB: I copy-pasted it into Notepad and saved the file, and that's how I knew.
So, like always, it's time for the POC...
Description:- A vulnerability was identified in the password protection feature of the application. This feature does not enforce a character or data size limit on user input in the password field. When a user submits an excessively large string (e.g., 10MB) in the password field, the server processes this input without validation. This results in high resource consumption on the server, leading to a 500 Internal Server Error and effectively causing a Denial of Service (DoS) condition.
Steps to reproduce:-
1 – Go to example.com/v3/passwordProtect/?project=<your-id>
2 – Enter a long string of numeric / alphanumeric characters in the "make your store private" feature.
3 – Click on save and wait for the site to respond.
4 – The website starts to load and, after a while, returns a 500 error.
5 – This leads to a function-level DoS attack.
Impact:- The target system becomes slow, unresponsive, or inaccessible to legitimate users. This can have a significant impact on an organization's productivity, such as loss of sales or employees being unable to work.
This can also lead to memory corruption, as this function accepts a string almost 10MB long.
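The fix the write-up points at is a server-side limit that is enforced before the password is processed. The following is an added example, not code from the original post or from the affected program: a hypothetical handler for the password-protect endpoint that caps the request body and the password field, so the ~10MB input described above is rejected with 413 instead of being parsed and causing a 500. The caps, function names and response codes are assumptions for illustration.

```python
# Added example, not code from the original post: the server-side limits that
# the password-protect endpoint described above lacked. Names, caps and the
# response codes are assumptions for illustration.
from io import BytesIO
from urllib.parse import parse_qs

MAX_BODY_BYTES = 16 * 1024   # assumed cap on the whole form body
MAX_PASSWORD_CHARS = 128     # assumed cap on the password field itself


def handle_password_protect(headers: dict, stream) -> tuple:
    """Return (status, message) for a POST to the password-protect feature.

    Size is enforced twice: on the declared Content-Length before anything is
    read, and again while reading, so a client that lies about (or omits) the
    header cannot push an oversized body into memory.
    """
    declared = headers.get("content-length")
    if declared is not None:
        if not declared.isdigit() or int(declared) > MAX_BODY_BYTES:
            return 413, "request body too large"
    # Read at most one byte more than the cap; the extra byte reveals an
    # oversized body without ever buffering the whole thing.
    body = stream.read(MAX_BODY_BYTES + 1)
    if len(body) > MAX_BODY_BYTES:
        return 413, "request body too large"
    form = parse_qs(body.decode("utf-8", errors="replace"), keep_blank_values=True)
    password = form.get("password", [""])[0]
    if not password:
        return 400, "password is required"
    if len(password) > MAX_PASSWORD_CHARS:
        return 400, "password longer than %d characters" % MAX_PASSWORD_CHARS
    # Only now would the real handler hash and store the password.
    return 200, "store is now password protected"


def simulate(password: str, lie_about_length: bool = False) -> int:
    """Build a constructed form POST carrying `password` and return the status."""
    body = b"password=" + password.encode("utf-8")
    headers = {"content-length": "10" if lie_about_length else str(len(body))}
    return handle_password_protect(headers, BytesIO(body))[0]


if __name__ == "__main__":
    print(simulate("correct horse battery staple"))    # 200
    print(simulate("a" * 300))                         # 400, over the field cap
    print(simulate("a" * (10 * 1024 * 1024)))          # 413, the ~10MB case above
    print(simulate("a" * (10 * 1024 * 1024), True))    # 413, header claims 10 bytes
```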
That's it for this article. I will upload more articles on web2 bugs covering all P4 to P1 bugs in the near future, so stay tuned... 🙂
Buy Me a Coffee : https://buymeacoffee.com/socalledhacker