huntr | Vishalvishw10 | 0049774B-1857-46DC-A834-F1FB15138C53
History: May 22, 2022 - 8:47 p.m.

The Publify application accepts very long input in the "title name" and "post" fields of the article form, which can allow attackers to cause a Denial of Service (DoS)

2022-05-22 20:47:17
vishalvishw10
www.huntr.dev
EPSS: 0.001 (Low), percentile 49.7%

Description

Please enter a description of the vulnerability.

Proof of Concept

1 - Create a new article: https://demo-publify.herokuapp.com/admin/content/new

2 - Fill the title name and post fields with a huge number of characters (more than 1 lakh, i.e. 100,000). Copy the payload below, paste it into the input fields, and click Save.

Payload - https://drive.google.com/file/d/1E3iqSQE4-t4dXpWQrDPHY7OcspHxYvYE/view

3 - You will see that the application accepts the large input; if the number of characters is increased further, it can lead to DoS.

PoC screenshot: https://drive.google.com/file/d/1xTMl-r8pkfxnbEDR20NTxkIggLJ66Exh/view?usp=sharing
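
The behaviour reported above comes down to the title and post fields having no server-side length cap. One way to enforce such a cap, as an added example that is not Publify's code and not part of the original report; the module name `ArticleInputLimits` and the numeric limits are assumptions:

```ruby
# Added example: server-side length caps for the two fields named in the report.
# ArticleInputLimits and the numeric caps are assumptions, not Publify's code.
module ArticleInputLimits
  # Maximum characters per field (assumed values; tune to the application).
  LIMITS = { title: 255, body: 100_000 }.freeze

  # Returns { field => message }; an empty hash means the input is accepted.
  def self.validate(params)
    LIMITS.each_with_object({}) do |(field, max), errors|
      value = params[field].to_s
      if value.bytesize > max * 4
        # UTF-8 uses at most 4 bytes per character, so this input is over the
        # cap and can be rejected without walking the whole string.
        errors[field] = "is too long (maximum is #{max} characters)"
      elsif !value.valid_encoding?
        errors[field] = "is not valid #{value.encoding.name}"
      elsif value.length > max
        errors[field] = "is too long (maximum is #{max} characters)"
      end
    end
  end
end

# In a Rails model the same cap is normally declared with
#   validates :title, length: { maximum: 255 }
# and backed by a request body size limit at the proxy or app server,
# so oversized submissions are refused before they reach the database.

if __FILE__ == $PROGRAM_NAME
  oversized = "A" * 100_001 # constructed input, just past the body cap
  p ArticleInputLimits.validate(title: "Hello", body: "short post")
  p ArticleInputLimits.validate(title: oversized, body: oversized)
end
```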
