The Grav application accepts an excessively long string in the "Full Name" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in getgrav/grav
Mar 15th 2022
Proof of Concept:
- Go to
- There will be a "Full name" input field
- Add 1 lakh+ (more than 100,000) characters to the Full name field
- You will see that the application accepts the oversized input, and if the number of characters is increased further it can lead to DoS.
Download the payload from here:
The Full Name input should be limited to 100 characters, or a maximum of 500 characters.
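A server-side check for the limit recommended above, as an added example that is not part of the original report and is not Grav's own code. The helper name `validate_full_name`, the error strings and the byte ceiling are assumptions made for illustration; the check runs on the server because a client-side `maxlength` attribute does not constrain a crafted HTTP request.

```php
<?php
declare(strict_types=1);

// Limit taken from the report's recommendation (100 characters; 500 at most).
const FULLNAME_MAX_CHARS = 100;
// Cheap byte ceiling checked first: one UTF-8 character is at most 4 bytes.
const FULLNAME_MAX_BYTES = FULLNAME_MAX_CHARS * 4;

/**
 * Hypothetical helper, not a Grav API.
 * Returns [true, cleaned name] or [false, error message].
 */
function validate_full_name(mixed $input): array
{
    // PHP turns "fullname[]=x" into an array, so the type is checked first.
    if (!is_string($input)) {
        return [false, 'fullname must be a string'];
    }
    // Reject oversized input before any trimming, decoding or storage work.
    if (strlen($input) > FULLNAME_MAX_BYTES) {
        return [false, 'fullname too long'];
    }
    if (!mb_check_encoding($input, 'UTF-8')) {
        return [false, 'fullname is not valid UTF-8'];
    }
    // Count characters, not bytes, so multibyte names are not cut short.
    $name  = trim($input);
    $chars = mb_strlen($name, 'UTF-8');
    if ($chars < 1 || $chars > FULLNAME_MAX_CHARS) {
        return [false, 'fullname must be 1-' . FULLNAME_MAX_CHARS . ' characters'];
    }
    return [true, $name];
}

// Constructed sample inputs, including the size used in the report.
$samples = [
    'normal'    => 'Ada Lovelace',
    'multibyte' => str_repeat('é', 100),     // 100 characters, 200 bytes
    'over'      => str_repeat('A', 101),
    'report'    => str_repeat('A', 100001),  // 1 lakh+ characters
    'array'     => ['x'],
];
foreach ($samples as $label => $value) {
    [$ok, $detail] = validate_full_name($value);
    printf("%-9s %s %s\n", $label, $ok ? 'accept' : 'reject', $ok ? mb_strlen($detail, 'UTF-8') . ' chars' : $detail);
}
```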