DDOS attack by uploading a few hundred large files in tooljet/tooljet
Reported on Aug 28th 2022
Description
A normal user can upload a photo to the profile. Photos larger than 2 MB are not allowed, but I can upload a photo larger than the allowed limit.
Proof of Concept
https://drive.google.com/file/d/1jh0n9kOoFvW-esHg_pOtPeURTYjSIhDm/view?usp=sharing
Impact
What happens if a botnet starts uploading 100 MB files from 100 machines at the same time? This would mean that our network pipes are clogged handling 10 GB of data while slowing down our real customers. The answer: the site will go down and become unavailable.
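A server-side size check of the kind that closes the bypass described in this report, as an added example (not ToolJet's code and not part of the original report). The function names are hypothetical; it assumes the 2 MB profile-photo limit stated above and a Node.js server whose request headers arrive as lowercase string keys.

```javascript
// Added example with hypothetical helper names; not taken from ToolJet.
const MAX_AVATAR_BYTES = 2 * 1024 * 1024; // the 2 MB profile-photo limit from the report

// Stage 1: reject on the declared size before reading any body bytes.
function precheckDeclaredSize(headers, limit = MAX_AVATAR_BYTES) {
  const raw = headers['content-length'];
  if (raw === undefined) return { ok: true }; // chunked upload: size not declared
  if (!/^\d+$/.test(raw)) return { ok: false, status: 400, reason: 'bad Content-Length' };
  if (Number(raw) > limit) return { ok: false, status: 413, reason: 'declared size over limit' };
  return { ok: true };
}

// Stage 2: count bytes as they arrive, because the header is client-controlled
// and may be absent. Returns a stateful accept(chunk) function.
function createByteCap(limit = MAX_AVATAR_BYTES) {
  let seen = 0;
  return function accept(chunk) {
    seen += chunk.length;
    return { ok: seen <= limit, seen };
  };
}

// Runs both stages over an iterable of chunks and reports how many bytes were
// read before the decision. In a Node HTTP handler, call accept() from the
// request's 'data' event and destroy the request on the first { ok: false }.
function receiveUpload(headers, chunks, limit = MAX_AVATAR_BYTES) {
  const pre = precheckDeclaredSize(headers, limit);
  if (!pre.ok) return { status: pre.status, reason: pre.reason, bytesRead: 0 };
  const accept = createByteCap(limit);
  let bytesRead = 0;
  for (const chunk of chunks) {
    const result = accept(chunk);
    bytesRead = result.seen;
    if (!result.ok) return { status: 413, reason: 'body over limit', bytesRead };
  }
  return { status: 200, reason: 'accepted', bytesRead };
}

// Constructed input: a lazy generator of 64 KiB chunks standing in for a request body.
function* fakeBody(totalBytes, chunkSize = 64 * 1024) {
  for (let sent = 0; sent < totalBytes; sent += chunkSize) {
    yield new Uint8Array(Math.min(chunkSize, totalBytes - sent));
  }
}
```

With both stages in place, a 100 MB upload costs the server either zero body bytes (size declared) or at most the limit plus one chunk (size not declared), instead of the full 100 MB.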
@maintainer @admin @gsmithun4 can we assign a CVE here and make my report public
Hi Ahmed! As soon as the maintainer publishes your report, they will decide whether to assign a CVE for it or not. I'm sure the maintainer will soon be back, give them some time :)