The publify application allows arbitrarily large input in the "First name" and "Last name" profile fields, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in publify/publify

Valid

Reported on

May 15th 2022


Description

The publify application allows arbitrarily large input in the "First name" and "Last name" profile fields, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Proof of Concept

1 - Go to your profile: https://demo-publify.herokuapp.com/admin/profiles

2 - Fill the first name & last name fields with a huge number of characters (more than 1 lakh). Copy the payload below, put it in the input fields and click Save.

Payload - https://drive.google.com/file/d/1E3iqSQE4-t4dXpWQrDPHY7OcspHxYvYE/view

3 - You will see that the application accepts the large input; if the number of characters is increased further, it can lead to DoS.

PoC video: https://drive.google.com/file/d/14-yHlzy8_y_ENkDAqJouLlEYNn2NLd7q/view?usp=sharing

PoC screenshot: https://drive.google.com/file/d/12IAqG1OQeyp2_qA53t-LyoccgCuNoDO3/view?usp=sharing

Impact

This vulnerability can be abused in a DDoS attack, after which genuine users will not be able to access resources/applications.

Patch recommendation:

The first name & last name input should be limited to 50 characters, or at most 100 characters.
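A server-side length check of the kind this recommendation calls for, written here as an added illustration in Ruby (publify is a Rails application); it is not publify's own code and not the fix shipped in 9.2.10. The 100-character limit is the upper bound suggested above; the byte limit, the error wording and the function names are assumptions.

```ruby
# Added example, not publify's code: reject oversized profile names on the
# server before they reach the model or the database. An HTML maxlength on
# the form is not enough, because a crafted request bypasses the browser.
MAX_NAME_CHARS = 100   # upper bound suggested in the report
MAX_NAME_BYTES = 400   # assumption: allow up to 4 UTF-8 bytes per character

# Return an error message for one name field, or nil when the value is acceptable.
# Both the character count and the UTF-8 byte size are checked, so multibyte
# input cannot be used to smuggle a much larger payload past a character limit.
def name_error(field, value, max_chars: MAX_NAME_CHARS, max_bytes: MAX_NAME_BYTES)
  return nil if value.nil?                # absence is left to a presence check
  s = value.to_s
  return "#{field} is not valid UTF-8" unless s.valid_encoding?
  return "#{field} is too long (maximum is #{max_chars} characters)" if s.length > max_chars
  return "#{field} is too long (maximum is #{max_bytes} bytes)" if s.bytesize > max_bytes
  nil
end

# Validate the profile parameters of one request, returning the list of
# error messages; an empty list means the update may proceed.
def validate_profile(params)
  [
    name_error("First name", params["firstname"]),
    name_error("Last name", params["lastname"])
  ].compact
end

if __FILE__ == $0
  # Constructed inputs: a normal profile, and the 1 lakh (100,000) character payload from the PoC.
  normal = { "firstname" => "Vishal", "lastname" => "Vishwakarma" }
  huge   = { "firstname" => "A" * 100_000, "lastname" => "B" * 100_000 }
  p validate_profile(normal)   # => []
  p validate_profile(huge)     # => one "too long" error per field
end
```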

We are processing your report and will contact the publify team within 24 hours. (10 months ago)

Vishal Vishwakarma modified the report. (10 months ago)

We have contacted a member of the publify team and are waiting to hear back. (10 months ago)

Matijs (Maintainer), 10 months ago:

TIL: 1 lakh == 100000. :-)

Vishal (Researcher), 10 months ago:

You have to limit the first name & last name input; it should be limited to 50 characters or at most 100 characters.

We have sent a follow up to the publify team. We will try again in 7 days. (10 months ago)

Matijs van Zuijlen validated this vulnerability. (10 months ago)

Vishal Vishwakarma has been awarded the disclosure bounty.
We have sent a fix follow up to the publify team. We will try again in 7 days. (10 months ago)

We have sent a second fix follow up to the publify team. We will try again in 10 days. (10 months ago)

We have sent a third and final fix follow up to the publify team. This report is now considered stale. (9 months ago)

Matijs (Maintainer), 7 months ago:

I'm checking the Vulnerability Type for this vulnerability, and it seems incorrect. Perhaps CWE-20: Improper Input Validation is more appropriate?

Matijs van Zuijlen marked this as fixed in 9.2.10 with commit 29a583. (2 months ago)

Matijs van Zuijlen has been awarded the fix bounty.

This vulnerability has been assigned a CVE.

Matijs van Zuijlen published this vulnerability. (2 months ago)