The microweber application accepts an excessively large number of characters in the "Coupons" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in microweber/microweber
Mar 19th 2022
Proof of Concept
1. Go to "Settings", click on "Coupons" and add a new coupon.
2. Go to this drive link: https://drive.google.com/file/d/1CcVCHWbvMk07IZ5v4dojrdJbC43_ufhh/view?usp=sharing then copy the payload and paste it into the "Code" input field.
3. You will see that the application accepts a large number of characters, and if we increase the number of characters further it can lead to DoS.

This vulnerability can be abused to carry out a DDoS attack, as a result of which genuine users will not be able to access resources/applications.
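
The missing control here is a server-side bound on the coupon "Code" value. The following is an added example, not microweber's own code: the function name, the 64-character limit, the 8192-byte request cap and the allowed character set are all assumptions chosen for illustration.

```php
<?php
declare(strict_types=1);

// Assumed limits, not microweber settings: align them with the database
// column size and the coupon format the shop actually issues.
const COUPON_CODE_MAX_LEN = 64;
const REQUEST_BODY_MAX_BYTES = 8192;

/**
 * Hypothetical server-side check for the coupon "Code" field.
 * Returns a list of error messages; an empty list means the value is accepted.
 */
function validate_coupon_code($code, int $contentLength): array
{
    // Refuse an oversized request before parsing or storing any field.
    if ($contentLength > REQUEST_BODY_MAX_BYTES) {
        return ['request body exceeds ' . REQUEST_BODY_MAX_BYTES . ' bytes'];
    }
    if (!is_string($code) || $code === '') {
        return ['coupon code must be a non-empty string'];
    }
    // strlen() counts bytes and is O(1), so this runs before the regex below.
    if (strlen($code) > COUPON_CODE_MAX_LEN) {
        return ['coupon code exceeds ' . COUPON_CODE_MAX_LEN . ' characters'];
    }
    // Allow-list of ASCII characters keeps byte length equal to character length.
    if (preg_match('/\A[A-Za-z0-9_-]+\z/', $code) !== 1) {
        return ['coupon code may contain only letters, digits, "-" and "_"'];
    }
    return [];
}

// Constructed sample inputs: a normal code, an oversized one, a bad character.
$samples = [
    'normal'    => 'SPRING-2022',
    'oversized' => str_repeat('A', 1000000),
    'charset'   => 'SAVE 10%',
];
foreach ($samples as $label => $code) {
    // In a real handler the length would come from the Content-Length header.
    $errors = validate_coupon_code($code, strlen('code=' . $code));
    printf("%-9s %s\n", $label, $errors === [] ? 'accepted' : 'rejected: ' . $errors[0]);
}
```

A `maxlength` attribute on the form field alone does not help, because the crafted HTTP request bypasses the browser; the limit has to be enforced where the request is handled.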