Check out my previous articles on P4 bugs – Part 1 , Part 2, Part 3, Part 4, Part 5, Part 6
Hi everyone, I am socalledhacker, i am a security researcher , penetration tester, certified ethical hacker and a web3 noob. In past months, I have discover lots of bugs but in today’s article we are going to discuss about Long String DOS Attack, which i discover recently so without further delay let’s start….
Long String DOS Attack
Recently, I got a bounty for a bug which is DOS, this is the first time I got bounty for DOS bug usually companies mark DOS as out of scope. I found this bug in a self hosted program so due to program policy i can’t disclose the program name but let’s say the program name is example.com
Now while testing different features and functions i got nothing but my instincts says that there is a bug in this program so i keep pushing the boundaries usually I don’t look for bugs like DOS but i thought let’s give it a shot.
So there is a feature in the site, which is like password protect our shop, by this function we can put password on our shop which will make our shop private/hide form public access
Now you are thinking it right, Firstly, I send the request in burpsuite repeater tab and then I put long string about 70-80 character long in password field and checking the response and it’s 200 OK which means there is no server side character limit on password field.
It’s time to attack – I put a long long string about 10MB in the password field and send the request on server and it returned the response with status code 500 and Boom it’s a successful DOS attack. If you are thinking how i know that the string data it about 10 MB so i copy paste it in Notepad save file that’s how i know.
So Like always it time for POC…
Description:- A vulnerability was identified in the password protection feature of the application. This feature does not enforce a character or data size limit on user input in the password field. When a user submits an excessively large string (e.g., 10MB) in the password field, the server processes this input without validation. This results in high resource consumption on the server, leading to a 500 Internal Server Error and effectively causing a Denial of Service (DoS) condition.
Steps to reproduce:-
1 – Go to example.com/v3/passwordProtect/?project=<your-id>
2 – Enter a long string of numeric / alphanumeric digits in make your store private feature.
3 – Click on save and wait for the site to respond
4 – The website starts to load and after a while, it returns a 500 error
5 – This leads to function level dos attack.
Impact:- The target system becomes slow, unresponsive, or inaccessible to legitimate users. This can have a significant impact on an organization’s productivity, such as loss of sales or employees unable to work.
This can also lead to memory corruption as this function is accepting almost a size of 10MB long string.
That’s it for this article I will upload more articles related to web2 bugs covering all p4 to p1 bugs in near future so stay tuned … 🙂
Buy Me a Coffee : https://buymeacoffee.com/socalledhacker
Follow Me On :
Amazing!!
May I have information on the topic of your article?
Thank you for being of assistance to me. I really loved this article.
You made some decent factors there. I appeared on the internet for the problem and located most individuals will associate with together with your website.
Good post and right to the point. I don’t know if this is truly the best place to ask but do you people have any thoughts on where to hire some professional writers? Thanks 🙂
Thanks for the publish. I have often seen that a majority of people are desperate to lose weight when they wish to appear slim plus attractive. Even so, they do not usually realize that there are other benefits just for losing weight in addition. Doctors assert that overweight people have problems with a variety of diseases that can be perfectely attributed to their excess weight. The great news is that people that are overweight plus suffering from numerous diseases can reduce the severity of the illnesses simply by losing weight. It is possible to see a slow but identifiable improvement with health as soon as even a bit of a amount of weight loss is achieved.
In these days of austerity plus relative stress and anxiety about having debt, a lot of people balk contrary to the idea of having a credit card to make acquisition of merchandise as well as pay for any gift giving occasion, preferring, instead only to rely on the actual tried and trusted way of making payment – cash. However, in case you have the cash there to make the purchase fully, then, paradoxically, that is the best time for them to use the cards for several reasons.
I have been reading out many of your stories and i can claim pretty clever stuff. I will definitely bookmark your blog.
Wow, marvelous blog structure! How long have you ever been blogging for? you made blogging glance easy. The whole look of your web site is great, let alone the content material!
very nice put up, i certainly love this web site, carry on it
Thanks for the concepts you are discussing on this website. Another thing I would really like to say is the fact getting hold of duplicates of your credit report in order to inspect accuracy of each detail would be the first step you have to accomplish in credit restoration. You are looking to clean your credit reports from damaging details problems that screw up your credit score.
Nice blog here! Also your web site loads up very fast! What web host are you using? Can I get your affiliate link to your host? I wish my web site loaded up as fast as yours lol
I just could not go away your web site prior to suggesting that I really loved the standard information an individual provide on your visitors? Is gonna be back ceaselessly to check out new posts
Hello! This post couldn’t be written any better! Reading through this post reminds me of my previous room mate! He always kept chatting about this. I will forward this post to him. Pretty sure he will have a good read. Many thanks for sharing!
Thank you for writing this post!
Would you be curious about exchanging links?
Please tell me more about this. May I ask you a question? http://www.hairstylesvip.com
May I request more information on the subject? http://www.ifashionstyles.com All of your articles are extremely useful to me. Thank you!
You helped me a lot by posting this article and I love what I’m learning. http://www.hairstylesvip.com
Great beat ! I would like to apprentice while you amend your web site, http://www.hairstylesvip.com how could i subscribe for a blog site? The account helped me a acceptable deal. I had been a little bit acquainted of this your broadcast provided bright clear concept
I’m so in love with this. You did a great job!! http://www.hairstylesvip.com
Thank you for your help and this post. It’s been great. http://www.hairstylesvip.com
Thank you for providing me with these article examples. May I ask you a question? http://www.hairstylesvip.com
Thank you for writing this article. I appreciate the subject too. http://www.hairstylesvip.com
I’m so in love with this. You did a great job!! http://www.hairstylesvip.com
Awsome website! I am loving it!! Will be back later to read some more. I am bookmarking your feeds also
Your articles are extremely helpful to me. Please provide more information! http://www.hairstylesvip.com
I have seen plenty of useful things on your site about personal computers. However, I have the thoughts and opinions that notebook computers are still less than powerful enough to be a wise decision if you usually do jobs that require loads of power, such as video enhancing. But for world wide web surfing, statement processing, and most other typical computer work they are just great, provided you may not mind the tiny screen size. Many thanks for sharing your thinking.
Good day very cool web site!! Man .. Excellent .. Superb .. I will bookmark your web site and take the feeds additionally…I am happy to seek out a lot of useful info right here within the post, we want develop more strategies on this regard, thank you for sharing.
certainly like your website however you have to check the
spelling on several of your posts. A number
of them are rife with spelling issues and I find it
very troublesome to inform the reality nevertheless I will surely come again again.
my website; nordvpn coupons inspiresensation
Helpful info. Lucky me I found your site unintentionally, and I’m shocked why this coincidence did not came about earlier!
I bookmarked it.
Look at my web site :: nordvpn coupons inspiresensation,
t.co,
What i don’t understood is actually how you’re not really much more well-liked than you might be now. You are so intelligent. You realize therefore significantly relating to this subject, produced me personally consider it from a lot of varied angles. Its like women and men aren’t fascinated unless it is one thing to accomplish with Lady gaga! Your own stuffs nice. Always maintain it up!
Hi my loved one! I want to say that this post is awesome,
great written and come with almost all important infos.
I would like to peer more posts like this .
Here is my blog – nordvpn coupons inspiresensation
Hi there, of course this paragraph is genuinely pleasant and I have learned lot of things from it
about blogging. thanks.
Here is my web-site … Nordvpn coupons inspiresensation
350fairfax nordvpn cashback
Having read this I believed it was extremely informative.
I appreciate you spending some time and effort to put this information together.
I once again find myself personally spending a lot of time both reading and
commenting. But so what, it was still worthwhile!
I want reading and I think this website got some really useful stuff on it! .
I have observed that fees for on-line degree specialists tend to be an awesome value. Like a full Bachelors Degree in Communication from The University of Phoenix Online consists of 60 credits with $515/credit or $30,900. Also American Intercontinental University Online offers a Bachelors of Business Administration with a total school element of 180 units and a tariff of $30,560. Online learning has made taking your certification so much easier because you may earn your own degree from the comfort of your home and when you finish from work. Thanks for all the tips I’ve learned through the blog.
Wow! Thank you! I constantly needed to write on my blog something like that. Can I take a portion of your post to my site?
Great blog post. A few things i would like to add is that pc memory is required to be purchased if your computer still can’t cope with everything you do with it. One can mount two RAM memory boards with 1GB each, for example, but not certainly one of 1GB and one with 2GB. One should check the company’s documentation for the PC to make sure what type of memory space is essential.
I do agree with all of the ideas you have presented in your post. They are very convincing and will certainly work. Still, the posts are too short for newbies. Could you please extend them a bit from next time? Thanks for the post.
Thanks for another wonderful post. Where else could anyone get that kind of information in such a perfect way of writing? I’ve a presentation next week, and I’m on the look for such info.
Please let me know if you’re looking for a writer for your blog. You have some really great articles and I feel I would be a good asset. If you ever want to take some of the load off, I’d really like to write some material for your blog in exchange for a link back to mine. Please blast me an email if interested. Many thanks!
I have really noticed that credit score improvement activity needs to be conducted with tactics. If not, it’s possible you’ll find yourself causing harm to your positioning. In order to grow into success fixing your credit score you have to always make sure that from this moment you pay all your monthly expenses promptly before their slated date. Really it is significant simply because by certainly not accomplishing so, all other actions that you will choose to use to improve your credit standing will not be useful. Thanks for giving your suggestions.
Woah! I’m really loving the template/theme of this blog. It’s simple, yet effective. A lot of times it’s very hard to get that “perfect balance” between superb usability and visual appeal. I must say you’ve done a great job with this. In addition, the blog loads very quick for me on Firefox. Outstanding Blog!