The microweber application allows large characters to insert in the input field "post title" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request. in microweber/microweber
Mar 12th 2022
Proof of Concept
- Go to add post
- click on create new post
- There will a option called
- Fill the input field with huge characters, (more than 1 lakh)
- Copy the below payload and put it in the input fields and click on continue.
- You will see the application accepts large characters and if we will increase the characters then it can lead to Dos.
Download the payload from here:
Video & Image POC:
- The post title input should be limited to 500 characters or max 1000 characters.