The publify application allows very large inputs in the article "title" and post body fields, which can allow attackers to cause a Denial of Service (DoS) in publify/publify

Valid

Reported on

May 22nd 2022



Proof of Concept

1 - Create a new article at https://demo-publify.herokuapp.com/admin/content/new

2 - Fill the title and post body fields with a huge number of characters (more than 1 lakh, i.e. 100,000). Copy the payload below into the input fields and click Save.

Payload - https://drive.google.com/file/d/1E3iqSQE4-t4dXpWQrDPHY7OcspHxYvYE/view

3 - You will see that the application accepts the large input; increasing the character count further can lead to a DoS.

PoC screenshot: https://drive.google.com/file/d/1xTMl-r8pkfxnbEDR20NTxkIggLJ66Exh/view?usp=sharing

Impact

This vulnerability can be abused in a DDoS attack, after which genuine users will not be able to access the resources/application.
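The root cause reported above is that the article title and body are accepted with no server-side length limit. The following is an added example written for this page, not publify's own code and not the fix in commit ca46da: it shows a length check of the kind a Rails model would enforce, written as plain Ruby so it runs stand-alone. The field names (title, body), the limits and the error messages are assumptions chosen for illustration. It checks bytesize before character length, so a multi-megabyte payload is rejected before any full scan of the string.

```ruby
# Added example (not publify's own code): server-side size limits for
# article fields, as a mitigation for the oversized-input DoS above.
# Field names, limits and messages below are illustrative assumptions.

MAX_TITLE_CHARS = 255
MAX_BODY_CHARS  = 100_000
# UTF-8 uses at most 4 bytes per character, so this byte cap can never
# reject input that the character cap would accept.
MAX_TITLE_BYTES = MAX_TITLE_CHARS * 4
MAX_BODY_BYTES  = MAX_BODY_CHARS * 4

class ArticleInputError < StandardError; end

# Returns an error message for one field, or nil when it is acceptable.
def field_error(value, max_chars, max_bytes)
  return "must be present" if value.nil? || value.empty?

  # String#bytesize is O(1); String#length must walk a multibyte string.
  # Rejecting on bytes first bounds the work done on a huge payload.
  if value.bytesize > max_bytes
    return "is too long (#{value.bytesize} bytes, max #{max_bytes})"
  end
  return "is not valid UTF-8" unless value.valid_encoding?
  if value.length > max_chars
    return "is too long (#{value.length} characters, max #{max_chars})"
  end
  nil
end

# Validates a submission before it reaches the database or the text
# filters. Returns a hash of field => message; empty when all is well.
def validate_article(title:, body:)
  {
    title: field_error(title, MAX_TITLE_CHARS, MAX_TITLE_BYTES),
    body:  field_error(body,  MAX_BODY_CHARS,  MAX_BODY_BYTES),
  }.compact
end

# Hypothetical save path: refuses oversized input instead of storing it.
def save_article(title:, body:)
  errors = validate_article(title: title, body: body)
  raise ArticleInputError, errors.inspect unless errors.empty?
  { title: title, body: body, saved: true }
end

if $PROGRAM_NAME == __FILE__
  # Constructed inputs: a normal post, and a body of more than 1 lakh
  # characters like the one in the report.
  p validate_article(title: "Hello", body: "A short post.")
  p validate_article(title: "Hello", body: "A" * 100_001)
  begin
    save_article(title: "A" * 300, body: "ok")
  rescue ArticleInputError => e
    puts "rejected: #{e.message}"
  end
end
```

In a Rails model the same limits are expressed declaratively, for example `validates :title, length: { maximum: 255 }`, and it is worth pairing them with a request-body cap at the reverse proxy (nginx's `client_max_body_size`) so an oversized POST is dropped before it reaches the application at all.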

We are processing your report and will contact the publify team within 24 hours. 10 months ago
Vishal Vishwakarma modified the report
10 months ago
Vishal Vishwakarma modified the report
10 months ago
publify/publify maintainer has acknowledged this report 10 months ago
Matijs van Zuijlen modified the CWE from Integer Underflow (Wrap or Wraparound) to Improper Input Validation 7 months ago
The researcher has received a minor penalty to their credibility for misclassifying the vulnerability type: -1
Matijs van Zuijlen validated this vulnerability 7 months ago
Vishal Vishwakarma has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Vishal
7 months ago

Researcher


@admin can you assign a CVE and publish this?

Jamie Slome
7 months ago

Admin


We can proceed with a CVE for this report if @mvz is happy to :)

@mvz?

We have sent a fix follow up to the publify team. We will try again in 7 days. 7 months ago
We have sent a second fix follow up to the publify team. We will try again in 10 days. 7 months ago
We have sent a third and final fix follow up to the publify team. This report is now considered stale. 7 months ago
Matijs van Zuijlen marked this as fixed in 9.2.10 with commit ca46da 2 months ago
Matijs van Zuijlen has been awarded the fix bounty
This vulnerability has been assigned a CVE
Matijs van Zuijlen published this vulnerability 2 months ago