The microweber application allows a large number of characters to be inserted in the "first & last name" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. In microweber/microweber
Mar 14th 2022
Proof of Concept
- Go to
- Click on edit profile
- Fill the first name & last name field with huge characters (more than 1 lakh)
- Copy the below payload and put it in the input fields and click on continue.
- You will see that the application accepts large characters, and if we increase the number of characters it can lead to DoS.
Download the payload from here:
Video & Image POC:
The first name & last name input should be limited to 50 characters or max 100 characters.
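One way to enforce the limit recommended above on the server side, as an added example (this is not microweber's code and not the fix in the referenced commit). The field names `first_name` and `last_name`, the function name, and the choice of 100 as the limit are assumptions; the code needs PHP's mbstring extension.

```php
<?php
declare(strict_types=1);

// Added example. Field names and the limit are assumptions, not microweber's own.
const NAME_MAX_CHARS = 100; // upper bound suggested in the report

/**
 * Validate profile name fields server-side.
 * Returns field => error message; an empty array means the input is acceptable.
 */
function validateProfileNames(array $input, int $maxChars = NAME_MAX_CHARS): array
{
    $errors = [];
    foreach (['first_name', 'last_name'] as $field) {
        $value = $input[$field] ?? '';
        if (!is_string($value)) {
            $errors[$field] = 'must be a string';
            continue;
        }
        // Cheap byte-length gate first: a UTF-8 character is at most 4 bytes,
        // so anything longer than 4 * max is rejected without decoding it.
        if (strlen($value) > 4 * $maxChars) {
            $errors[$field] = "must be at most {$maxChars} characters";
            continue;
        }
        if (!mb_check_encoding($value, 'UTF-8')) {
            $errors[$field] = 'must be valid UTF-8';
            continue;
        }
        // Count characters, not bytes, so multibyte names are not penalised.
        if (mb_strlen(trim($value), 'UTF-8') > $maxChars) {
            $errors[$field] = "must be at most {$maxChars} characters";
        }
    }
    return $errors;
}

// Constructed sample input: one normal value, one oversized value.
$sample = [
    'first_name' => 'Akshay',
    'last_name'  => str_repeat('A', 100001),
];

$errors = validateProfileNames($sample);
if ($errors !== []) {
    http_response_code(422); // reject the request; do not truncate and store
}
print_r($errors);
```

An HTML `maxlength` attribute on the form field only constrains the browser and does not stop a crafted HTTP request, so the check has to run on the server before the value is stored.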
Bozhidar Slaveykov validated this vulnerability a year ago
Akshay Ravi has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bozhidar Slaveykov marked this as fixed in 1.2.12 with commit 80e390 a year ago
This vulnerability will not receive a CVE