The Publify application allows large numbers of characters to be inserted in the input fields "title name and post field" on the article form, which can allow attackers to cause a Denial of Service (DoS) in publify/publify
Reported on
May 22nd 2022
Description
Please enter a description of the vulnerability.
Proof of Concept
1 - Create a new article: https://demo-publify.herokuapp.com/admin/content/new
2 - Fill the title name and post field with huge characters (more than 1 lakh). Copy the payload below, put it in the input fields and click on Save.
Payload - https://drive.google.com/file/d/1E3iqSQE4-t4dXpWQrDPHY7OcspHxYvYE/view
3 - You will see that the application accepts large characters, and if we increase the characters then it can lead to DoS.
PoC screenshot: https://drive.google.com/file/d/1xTMl-r8pkfxnbEDR20NTxkIggLJ66Exh/view?usp=sharing
Impact
This vulnerability can be abused by doing a DDoS attack, because of which genuine users will not be able to access resources/applications.
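A server-side guard against the unbounded title and post input described in this report, as an added example that is not part of the original report and is not Publify's code. The limits, the "title"/"body" parameter keys and the names article_length_errors and BodySizeLimit are assumptions chosen for illustration.

```ruby
require "stringio"

# All limits and names are assumptions for this example, not Publify's values.
MAX_TITLE_CHARS   = 255
MAX_BODY_CHARS    = 100_000
MAX_REQUEST_BYTES = 1_000_000

# Field-level check on the parsed form: returns { field => message } for oversized fields.
def article_length_errors(params)
  limits = { "title" => MAX_TITLE_CHARS, "body" => MAX_BODY_CHARS }
  limits.each_with_object({}) do |(field, max), errors|
    length = params[field].to_s.length
    errors[field] = "is too long (#{length} > #{max} characters)" if length > max
  end
end

# Rack-style middleware: refuses an oversized request before the app parses it.
class BodySizeLimit
  def initialize(app, max_bytes: MAX_REQUEST_BYTES)
    @app = app
    @max_bytes = max_bytes
  end

  def call(env)
    return too_large if env["CONTENT_LENGTH"].to_i > @max_bytes
    # The declared length may be missing or wrong, so read at most max + 1 bytes.
    if (input = env["rack.input"])
      data = input.read(@max_bytes + 1).to_s
      return too_large if data.bytesize > @max_bytes
      env["rack.input"] = StringIO.new(data)
    end
    @app.call(env)
  end

  private

  def too_large
    [413, { "content-type" => "text/plain" }, ["Payload Too Large\n"]]
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample input: a 2 MB form body and a 300-character title.
  app = BodySizeLimit.new(->(_env) { [200, {}, ["saved\n"]] })
  big = "A" * 2_000_000
  puts app.call({ "CONTENT_LENGTH" => big.bytesize.to_s, "rack.input" => StringIO.new(big) }).first
  p article_length_errors({ "title" => "A" * 300, "body" => "short" })
end
```

The two checks cover different layers: the middleware bounds how many bytes are read at all, while the field check gives the author a normal validation error for an over-long title or post.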
@admin can you assign a CVE and publish this?
We can proceed with a CVE for this report if @mvz is happy to :)
@mvz?