Uncontrolled Resource Consumption in "Category Editor" in causefx/organizr


Reported on

May 11th 2022


The Organizr application allows large characters to insert in the input field "Category Editor" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Proof of Concept

1.Login to the application

2.Go to "Tab Editor" -> "Categories" .

3.Click on the + button fill in all details and capture the request in burp suites, and send it to Repeater.

4.Now copy the payload from this link:- https://drive.google.com/file/d/11AwLp8Ae1_eJqGb44W9QJDtPmVw-1RSQ/view?usp=sharing and paste after the parameter category= and click on go.

5.You will see application accepts 1,000,000 characters.

Video PoC



This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.


We are processing your report and will contact the causefx/organizr team within 24 hours. a year ago
causefx validated this vulnerability a year ago
SAMPRIT DAS has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
causefx marked this as fixed in 2.1.2000 with commit e4b4cf a year ago
causefx has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation