Out-of-bounds Write in tsolucio/corebos
Nov 18th 2021
There's no bound limit to the number of characters/special characters in "Add Module - Window Title" (Add window --> Modules).
Steps to reproduce
Step 1. Go to https://demo.corebos.com/index.php?action=index&module=Home
Step 2. Add Window (Right corner)
Step 3. Select module (1st option)
Step 4. Can flood boundless characters on Window Title
Step 5. Done
Application-Level DoS. This vulnerability is capable of bringing down both the availability of the Client & server-side resources.
PoC link: https://drive.google.com/drive/folders/1bZUklTB0QFW6Wst45sfDN6XgZ_x37Z4f?usp=sharing
Can you please explain this issue to me? I see that the title string is truncated on screen and I don't understand the security risk that this represents.
When the text measure is large enough the service comes about in a fleeting blackout in a production environment. That can lead to memory corruption on the server. This may lead to server-side Denial Of Service assault or over memory consumption. You have to limit input length.
Here are some references:
https://hackerone.com/reports/768677
https://hackerone.com/reports/764434
https://hackerone.com/reports/161947
Hey, a new issue is noticed. When I attempt to change the password, I found that you haven't kept any password boundary. You need to limit password length. Hashing a large amount of data can cause significant resource consumption on behalf of the server and would be an easy target for an Application-level Denial Of Service attack.
Please consider both issues I pointed out. It'll be better to settle the cases in a single report, so I don't have to write multiple times. Hope you get back soon.
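
One way to enforce the server-side length limits requested in the comments above, for both the window title and the password before it is hashed. This is an added example, not coreBOS code or part of the report; the field names, the limits and the helper names are assumptions, and PHP's mbstring extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Hypothetical per-field policy. These limits are assumptions, not coreBOS values.
const FIELD_LIMITS = [
    'window_title' => ['min' => 1, 'max' => 100],
    'password'     => ['min' => 8, 'max' => 128],
];

/** Returns null when the value is acceptable, otherwise a short rejection reason. */
function checkFieldLength(string $field, string $value): ?string
{
    if (!array_key_exists($field, FIELD_LIMITS)) {
        return 'unknown field';
    }
    $limit = FIELD_LIMITS[$field];
    // Cheap byte-length gate first: a UTF-8 character is at most 4 bytes, so
    // anything above max * 4 bytes is rejected before any decoding work.
    if (strlen($value) > $limit['max'] * 4) {
        return 'too long';
    }
    if (!mb_check_encoding($value, 'UTF-8')) {
        return 'invalid encoding';
    }
    $chars = mb_strlen($value, 'UTF-8');
    if ($chars < $limit['min']) {
        return 'too short';
    }
    return $chars > $limit['max'] ? 'too long' : null;
}

/** Hashes a new password only after the length check has passed. */
function hashNewPassword(string $password): string
{
    $error = checkFieldLength('password', $password);
    if ($error !== null) {
        // Rejected before password_hash() runs, so no hashing cost is spent on it.
        throw new InvalidArgumentException("password rejected: $error");
    }
    // With bcrypt, password_hash() only uses the first 72 bytes of the input.
    return password_hash($password, PASSWORD_DEFAULT);
}

// Constructed sample input.
var_dump(checkFieldLength('window_title', 'Accounts'));
var_dump(checkFieldLength('window_title', str_repeat('A', 500000)));
var_dump(checkFieldLength('password', str_repeat('x', 1000000)));
```

The check has to run on the server for every request that stores the value; a `maxlength` attribute on the form field alone does not constrain what a client can send.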