Improper Input Validation in athou/commafeed
Jul 23rd 2022
Input validation is a frequently used technique for checking potentially dangerous inputs to ensure they are safe to process within the code or to pass to other components. When software does not validate input properly, an attacker can craft input in a form the rest of the application does not expect. Parts of the system then receive unintended input, which may alter control flow. There is no limit on the number of characters (including special characters) accepted in the name field of a category, which allows bulk input to be pushed to the demo instance.
Steps to reproduce
Step 1. Go to -
Step 2. Register & sign in
Step 3. Navigate to:
Step 4. Enter an unbounded number of characters into the Name field
Step 5. Done
Proof of Concept
PoC Image link:
Impact: Denial of Service. Without a maximum length (e.g. 128 characters) enforced on the category name field, this vulnerability can degrade the availability of the service.
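The fix the report points at is a server-side bound on the category name, enforced before the value reaches the database or the rest of the application. The following is an added example in Python written for this page; it is not commafeed's own code and the function names, the 128-character field cap and the 4096-byte body cap are illustrative choices. It shows the two layers a practitioner would want: a cap on the raw request body before it is parsed (so the parser itself cannot be flooded), and a per-field validator that counts Unicode code points after normalization and rejects control characters.

```python
import json
import unicodedata

# Illustrative limits (assumptions for this example, not commafeed's values).
MAX_NAME_CHARS = 128      # per-field cap, in the spirit of the report's "e.g. 128"
MAX_BODY_BYTES = 4096     # cap on the raw request body, checked before parsing


class ValidationError(ValueError):
    """Raised when a request or field fails validation."""


def check_body_size(raw_body: bytes) -> bytes:
    """Reject oversized bodies before any parsing work is done."""
    if len(raw_body) > MAX_BODY_BYTES:
        raise ValidationError(f"request body exceeds {MAX_BODY_BYTES} bytes")
    return raw_body


def validate_category_name(name, max_chars: int = MAX_NAME_CHARS) -> str:
    """Return a cleaned category name or raise ValidationError.

    Length is measured in Unicode code points after NFC normalization, so a
    byte-level or pre-normalization count cannot be gamed with multi-byte or
    combining characters.
    """
    if not isinstance(name, str):
        raise ValidationError("name must be a string")
    name = unicodedata.normalize("NFC", name).strip()
    if not name:
        raise ValidationError("name must not be empty")
    if len(name) > max_chars:
        raise ValidationError(f"name exceeds {max_chars} characters")
    # Unicode general category "C*" covers control, format and unassigned code points.
    if any(unicodedata.category(ch).startswith("C") for ch in name):
        raise ValidationError("name contains control characters")
    return name


def handle_create_category(raw_body: bytes) -> dict:
    """Simulated request handler: validate first, then accept or reject.

    Returns a small dict standing in for an HTTP response, so the result can be
    inspected without a web framework.
    """
    try:
        body = json.loads(check_body_size(raw_body).decode("utf-8"))
        if not isinstance(body, dict):
            raise ValidationError("body must be a JSON object")
        name = validate_category_name(body.get("name"))
    except (ValidationError, ValueError, UnicodeDecodeError) as exc:
        # json.JSONDecodeError is a ValueError, so malformed JSON lands here too.
        return {"status": 400, "error": str(exc)}
    return {"status": 200, "name": name}


if __name__ == "__main__":
    # Constructed sample requests for demonstration.
    samples = [
        b'{"name": "Security"}',
        b'{"name": "' + b"A" * 129 + b'"}',          # one character over the cap
        b'{"name": "' + b"A" * 5000 + b'"}',         # rejected on body size alone
        b'{"name": "tab\\there"}',                   # control character
    ]
    for sample in samples:
        print(len(sample), handle_create_category(sample))
```

Order matters: the body-size check runs before `json.loads`, so a flood of characters is rejected by a single length comparison rather than being decoded, normalized and stored first. The same limit should also exist as a column length constraint in the database so that a bypass of the web layer still fails closed.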