huntr
Vishalvishw10
17D86A50-265C-4EC8-9592-0BD909DDC8F3
May 15, 2022 - 10:43 a.m.

The Publify application accepts an excessively large number of characters in the "First name" and "Last name" input fields of the profile page, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in publify / publify

2022-05-15 10:43:52
vishalvishw10
www.huntr.dev

EPSS: 0.002 (Low), percentile 54.4%

Description

The Publify application accepts an excessively large number of characters in the "First name" and "Last name" input fields, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Proof of Concept

1 - Go to your profile: https://demo-publify.herokuapp.com/admin/profiles

2 - Fill the first name and last name fields with a huge number of characters (more than 1 lakh). Copy the payload below, put it in the input fields and click on Save.

Payload - https://drive.google.com/file/d/1E3iqSQE4-t4dXpWQrDPHY7OcspHxYvYE/view

3 - You will see that the application accepts the large input; if the number of characters is increased further, it can lead to DoS.

PoC video: https://drive.google.com/file/d/14-yHlzy8_y_ENkDAqJouLlEYNn2NLd7q/view?usp=sharing

PoC screenshot: https://drive.google.com/file/d/12IAqG1OQeyp2_qA53t-LyoccgCuNoDO3/view?usp=sharing
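
The report shows the name fields accepting input of any length; a server-side length bound applied before the value is stored closes that gap. The following is an added example, not code from the report or from Publify. The field names `firstname` and `lastname` and the 256-character limit are assumptions.

```ruby
# Added example: server-side length limits for profile name fields.
# Field names and the limit are assumptions, not taken from Publify's code.
PROFILE_LIMITS = { "firstname" => 256, "lastname" => 256 }.freeze
MAX_BYTES_PER_CHAR = 4 # UTF-8 worst case

# Returns a hash of field => error message; an empty hash means the input is acceptable.
def profile_length_errors(params, limits = PROFILE_LIMITS)
  errors = {}
  limits.each do |field, max_chars|
    value = params[field]
    next if value.nil?
    # A crafted request can send an array or hash where a string is expected.
    unless value.is_a?(String)
      errors[field] = "must be a string"
      next
    end
    # Constant-time byte check first, so oversized input is rejected without scanning it.
    if value.bytesize > max_chars * MAX_BYTES_PER_CHAR
      errors[field] = "is too long (maximum is #{max_chars} characters)"
      next
    end
    unless value.valid_encoding?
      errors[field] = "is not valid text"
      next
    end
    # Exact character count for multi-byte input that passed the byte bound.
    if value.length > max_chars
      errors[field] = "is too long (maximum is #{max_chars} characters)"
    end
  end
  errors
end

# Constructed sample inputs: a normal profile and one with a 1 lakh character first name.
def demo_results
  ok   = { "firstname" => "Ada", "lastname" => "Lovelace" }
  huge = { "firstname" => "A" * 100_000, "lastname" => "B" }
  [profile_length_errors(ok), profile_length_errors(huge)]
end

demo_results.each { |r| puts r.inspect } if __FILE__ == $PROGRAM_NAME
```

In a Rails model the same bound is normally declared with `validates :field, length: { maximum: N }`, so the save fails with a validation error instead of persisting the oversized value.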
