The microweber application allows a large number of characters to be inserted in the "Leave comment" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in microweber/microweber
Mar 14th 2022
Proof of Concept
- Go to
- Create a page and enable the option to add comments
- Go to that page; there will be an option called "Leave a comment"
- Copy the below payload, put it in the "Leave a comment" field and post a comment
- Go to http://site/admin/view:modules/load_module:comments and check the comment view section; it will be flooded
- You will see that the application accepts a large number of characters, and if we increase the number of characters it can lead to DoS.
Download the payload from here:
Video & Image POC:
The "Leave a comment" input should be limited to 500 characters, or at most 1000 characters.
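One way to enforce the suggested limit on the server side, as an added example that is not microweber's code and not the fix in commit 7065bf. The function name, the constants and the choice of the 1000-character bound are assumptions, and it needs PHP 8 with the mbstring extension.

```php
<?php
declare(strict_types=1);

// Assumed limit: the upper bound suggested in this report.
const COMMENT_MAX_CHARS = 1000;
// Cheap byte ceiling checked first (a UTF-8 code point is at most 4 bytes).
const COMMENT_MAX_BYTES = COMMENT_MAX_CHARS * 4;

/**
 * Hypothetical server-side validator for a submitted comment body.
 * Returns [true, $cleanBody] on success or [false, $errorMessage] on failure.
 */
function validate_comment_body(mixed $raw): array
{
    if (!is_string($raw)) {
        return [false, 'Comment must be a string.']; // e.g. the field was sent as an array
    }
    if (strlen($raw) > COMMENT_MAX_BYTES) {
        return [false, 'Comment is too long.'];      // reject before any multibyte work
    }
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return [false, 'Comment is not valid UTF-8.'];
    }
    $body = trim($raw);
    if ($body === '') {
        return [false, 'Comment is empty.'];
    }
    if (mb_strlen($body, 'UTF-8') > COMMENT_MAX_CHARS) {
        return [false, 'Comment is too long.'];      // count characters, not bytes
    }
    return [true, $body];
}

// Constructed sample inputs, not taken from the report's payload.
$samples = [
    'normal'    => 'Nice article, thanks!',
    'multibyte' => str_repeat('é', 1000),    // 1000 characters, 2000 bytes
    'oversized' => str_repeat('A', 200000),  // 200000 bytes, over the byte ceiling
    'array'     => ['x'],                    // non-string input
];
foreach ($samples as $name => $input) {
    [$ok, $result] = validate_comment_body($input);
    printf("%-10s %s\n", $name, $ok ? 'accepted (' . mb_strlen($result, 'UTF-8') . ' chars)' : "rejected: $result");
}
```

The check has to run on the server because the report's vector is a crafted HTTP request, which bypasses any `maxlength` attribute on the form field. Rejecting an oversized body outright, rather than truncating it, keeps the stored comment identical to what the validator saw.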
Bozhidar Slaveykov validated this vulnerability a year ago
Akshay Ravi has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bozhidar Slaveykov marked this as fixed in 1.2.12 with commit 7065bf a year ago
This vulnerability will not receive a CVE
commented a year ago
Hey, any update about the CVE assignment?