The microweber application allows oversized input to be inserted in the "Coupons" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in microweber/microweber

Valid

Reported on

Mar 19th 2022


Proof of Concept

1. Go to "Settings", click on "Coupons" and add a new coupon.

2. Go to this drive link: https://drive.google.com/file/d/1CcVCHWbvMk07IZ5v4dojrdJbC43_ufhh/view?usp=sharing, copy the payload and paste it into the "Code" input field.

3. You will see that the application accepts the large input, and if the number of characters is increased further it can lead to DoS.

Video PoC

https://drive.google.com/file/d/1c42w4YZNsDzObV79TMCayrXbahmbPNoD/view?usp=sharing

Impact

This vulnerability can be abused in a DDoS attack, after which genuine users will not be able to access resources/applications.
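The root cause described above is a stored field with no server-side length limit. The following is an added example, not Microweber's own code or its merged fix: a validation routine for the coupon "Code" value that rejects oversized or malformed input before it is written to the database. The maximum length, the allowed character set and the function name are assumptions chosen for illustration.

```php
<?php
// Added example (not Microweber's code). Limits below are assumptions.
const COUPON_CODE_MAX_LENGTH = 64;                 // assumed business limit
const COUPON_CODE_PATTERN    = '/^[A-Za-z0-9_-]+$/'; // assumed allowed charset

/**
 * Validate a submitted coupon code before it reaches the database.
 * Returns a list of error strings; an empty list means the value is acceptable.
 */
function validate_coupon_code($code): array
{
    if (!is_string($code)) {
        return ['Coupon code must be a string.'];
    }

    // Cheap byte-length gate first: reject oversized payloads before any
    // character-level work (mb_strlen, preg_match) is spent on them.
    if (strlen($code) > COUPON_CODE_MAX_LENGTH * 4) {
        return ['Coupon code is too long.'];
    }

    $errors = [];
    $length = mb_strlen($code, 'UTF-8');
    if ($length === 0) {
        $errors[] = 'Coupon code must not be empty.';
    } elseif ($length > COUPON_CODE_MAX_LENGTH) {
        $errors[] = sprintf('Coupon code must be at most %d characters.', COUPON_CODE_MAX_LENGTH);
    }

    if ($length > 0 && preg_match(COUPON_CODE_PATTERN, $code) !== 1) {
        $errors[] = 'Coupon code may only contain letters, digits, "-" and "_".';
    }

    return $errors;
}

// Constructed inputs: a normal code, a malformed one, and an oversized one
// standing in for the PoC payload.
$samples = [
    ['SPRING-2022',            []],
    ['10% off',                ['Coupon code may only contain letters, digits, "-" and "_".']],
    [str_repeat('A', 500000),  ['Coupon code is too long.']],
];
foreach ($samples as [$code, $expected]) {
    if (validate_coupon_code($code) !== $expected) {
        throw new RuntimeException('unexpected validation result');
    }
}
echo "all samples validated as expected\n";
```

PHP's `post_max_size` bounds the whole request body but says nothing about individual fields, so the per-field limit has to live in the application, ideally mirrored by a column length constraint in the database schema.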

References

We are processing your report and will contact the microweber team within 24 hours. (2 months ago)
SAMPRIT DAS modified the report (2 months ago)
SAMPRIT DAS modified the report (2 months ago)
SAMPRIT DAS modified the report (2 months ago)
We have contacted a member of the microweber team and are waiting to hear back (2 months ago)
Bozhidar Slaveykov modified the report (2 months ago)
Bozhidar Slaveykov validated this vulnerability (2 months ago)
SAMPRIT DAS has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bozhidar Slaveykov confirmed that a fix has been merged on 020380 (2 months ago)
Bozhidar Slaveykov has been awarded the fix bounty
functions.php#L100 has been validated
SAMPRIT DAS
2 months ago

Researcher


@bobimicroweber the CVSS score for this report will be CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:H, and you have changed it to None. As you know, the coupon is saved in the database, and for this reason it will take up a large amount of space and can even lead to memory corruption. @admin can you change the CVSS score and assign a CVE for this?

SAMPRIT DAS
2 months ago

Researcher


@admin

Jamie Slome
2 months ago

Admin


We only assign CVEs and adjust the CVSS with maintainer permission 👍

SAMPRIT DAS
2 months ago

Researcher


@bobimicroweber @maintainer Can you please confirm?
