HackerOne: Potential denial of service in hackerone.com/<program>/reward_settings
2015-05-27T04:30:15
ID H1:63865 Type hackerone Reporter ashesh Modified 2015-06-10T04:13:53
Description
While setting the bounty for the program, if I set the bounty to a large value (over 1,000,000 digits) and send the request, the website hangs for about a minute and a half, then pops up an error page saying there is an error on HackerOne's host end.
Time taken to respond: 76856 milliseconds = 76.856 seconds
Error Code: Error 522
URL: https://hackerone.com/<program>/reward_settings
The request and response are attached to this report.
Vulnerable parameter: base_bounty
Request parameters format:

    {"handle":"<program>","errors":{},"offers_bounties":true,"advertise_bounties":true,"base_bounty":"1111....till 1,000,000 digits","hide_bounty_amounts":false,"team_state":"sandboxed","allowed_to_disable_bounties?":true}

Bounty: 100.0
Bounty state: resolved
Reference: https://hackerone.com/reports/63865