Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
huntrAkshayravic09yc471FF8AFE4-6FF7-45AA-A652-D8AAC7E5BE7E
HistoryMay 14, 2022 - 1:35 p.m.

The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request

2022-05-1413:35:20
akshayravic09yc47
www.huntr.dev
26

0.003 Low

EPSS

Percentile

65.3%

JSON

POC:

  1. go to signup form: http://127.0.0.1:8118/signup
  2. Fill the Full Name input field with huge characters(more than lakhs or crores)
  3. After created the account, check the admin panel: http://127.0.0.1:8118/accounts, go to Accounts –> customers
  4. The admin panel will be flooded with our payload

POC Screenshot:

https://ibb.co/2Nvj908

POC video:

https://www.mediafire.com/file/vng5aufoydb6hl5/trudesk-poc.mov/file

Related

osv 1
nvd 1
cvelist 1
cve 1
prion 1
osv
osv
CVE-2022-1718
2022-09-29 03:15:15
nvd
nvd
CVE-2022-1718
2022-09-29 03:15:15
cvelist
cvelist
CVE-2022-1718 The trudesk application allows large characters to insert in the input field "Full Name" on the signup field which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk
2022-05-16 14:32:17
cve
cve
CVE-2022-1718
2022-09-29 03:15:15
prion
prion
Cross site request forgery (csrf)
2022-09-29 03:15:00

0.003 Low

EPSS

Percentile

65.3%

JSON
Related for 1FF8AFE4-6FF7-45AA-A652-D8AAC7E5BE7E
osv1nvd1cvelist1cve1prion1