The publify application allows very large input to be inserted in the "title name and post field" inputs on the article form, which can allow attackers to cause a Denial of Service (DoS) in publify/publify

Valid

Reported on

May 22nd 2022


Description

Please enter a description of the vulnerability.

Proof of Concept

1 - Create New article https://demo-publify.herokuapp.com/admin/content/new

2 - Fill the title name and post field with a huge number of characters (more than 1 lakh, i.e. 100,000). Copy the payload below, put it in the input fields and click on Save.

Payload - https://drive.google.com/file/d/1E3iqSQE4-t4dXpWQrDPHY7OcspHxYvYE/view

3 - You will see that the application accepts the large input, and if we increase the number of characters further it can lead to DoS.

PoC screenshot: https://drive.google.com/file/d/1xTMl-r8pkfxnbEDR20NTxkIggLJ66Exh/view?usp=sharing

Impact

This vulnerability can be abused to carry out a DDoS attack, as a result of which genuine users will not be able to access resources/applications.
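The report was classified as Improper Input Validation: the article form accepts title and post content of unbounded size. The following is an added example of the defensive pattern a maintainer would apply; it is not publify's own code and does not reproduce the fix in commit ca46da, whose contents are not shown here. It layers two checks: a Rack-style guard that rejects a request whose declared Content-Length exceeds a byte budget, and a model-level length validation on each field, in the style of ActiveModel's `validates :title, length: { maximum: ... }`, written in plain Ruby so it runs without Rails. The limits (255 characters for the title, 100,000 for the body, 1 MB per request) are assumed values chosen for illustration, not publify's.

```ruby
# Added example (not publify's code). Assumed limits, not the project's own values.
MAX_TITLE_CHARS   = 255
MAX_BODY_CHARS    = 100_000
MAX_REQUEST_BYTES = 1_000_000

# Layer 1: an edge check in the style of Rack middleware. Returns a 413 response
# triple when the client declares a body larger than the budget, or nil to let the
# request continue. Caveat: a chunked request carries no Content-Length, so the
# body reader must also stop at MAX_REQUEST_BYTES rather than trusting this alone.
def reject_oversized_request(env)
  declared = env["CONTENT_LENGTH"].to_i # nil.to_i == 0, so absent header passes
  return nil if declared <= MAX_REQUEST_BYTES

  [413, { "content-type" => "text/plain" }, ["Payload Too Large"]]
end

# Layer 2: field-level validation, the equivalent of ActiveModel length validators.
class ArticleForm
  attr_reader :title, :body, :errors

  def initialize(title:, body:)
    @title  = title.to_s
    @body   = body.to_s
    @errors = []
  end

  # Runs every check and reports all violations at once, like ActiveModel#valid?.
  def valid?
    @errors = []
    check_length(:title, @title, MAX_TITLE_CHARS)
    check_length(:body, @body, MAX_BODY_CHARS)
    @errors.empty?
  end

  private

  # Counts characters rather than bytes so multibyte text is not rejected early;
  # the byte budget is already enforced by the request-size check above.
  def check_length(field, value, max)
    count = value.length
    @errors << "#{field} is too long (#{count} characters, maximum is #{max})" if count > max
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed oversized submission, mirroring the report's PoC at a smaller scale.
  oversized = ArticleForm.new(title: "x" * 300, body: "y" * 200_000)
  puts oversized.valid?   # false
  puts oversized.errors
  puts reject_oversized_request({ "CONTENT_LENGTH" => "5000000" }).inspect
end
```

Both layers matter: the request-size cap keeps an oversized payload from being buffered and parsed at all, while the model validation catches fields that are individually too large inside an otherwise acceptable request and gives the user a clear error instead of a stalled save.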

We are processing your report and will contact the publify team within 24 hours. (a year ago)
Vishal Vishwakarma modified the report (a year ago)
Vishal Vishwakarma modified the report (a year ago)
publify/publify maintainer has acknowledged this report a year ago
Matijs van Zuijlen modified the CWE from Integer Underflow (Wrap or Wraparound) to Improper Input Validation 9 months ago
The researcher has received a minor penalty to their credibility for misclassifying the vulnerability type: -1
Matijs van Zuijlen validated this vulnerability 9 months ago
Vishal Vishwakarma has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Vishal (Researcher), 9 months ago:

@admin can you assign a CVE and publish this?

Jamie Slome (Admin), 9 months ago:

We can proceed with a CVE for this report if @mvz is happy to :)

@mvz?

We have sent a fix follow up to the publify team. We will try again in 7 days. 9 months ago
We have sent a second fix follow up to the publify team. We will try again in 10 days. 9 months ago
We have sent a third and final fix follow up to the publify team. This report is now considered stale. 8 months ago
Matijs van Zuijlen marked this as fixed in 9.2.10 with commit ca46da 4 months ago
Matijs van Zuijlen has been awarded the fix bounty
This vulnerability has been assigned a CVE
Matijs van Zuijlen published this vulnerability 4 months ago