huntr | Iamshooter99 | 9889D435-3B9C-4E9D-93BC-5272E0723F9F
Apr 24, 2022 - 8:28 p.m.

Improper handling of Length parameter

2022-04-24 20:28:37
iamshooter99
www.huntr.dev
21

EPSS: 0.001 (Low), percentile 41.2%

Description

There was no restriction on the amount of text that can be inserted into a user’s name field. When the text size was large enough the service resulted in a momentary outage in our non-production environment (not high availability). An internal reproduction showed isolated disruption but no outage in our production environment.

Proof of Concept

  1. Log in to the account.
  2. Visit the profile section.
  3. Edit the profile and add unlimited random input into the Name field, like [//%3C%3E//http://www.evil.com/projectX.htm] * 10000.
  4. Save and you can see the disruption in the PoC video.

PoC

https://drive.google.com/file/d/18DYqGoDOdse6yLPjDb-GoqVSaFgAZkVN/view?usp=sharing
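
A server-side bound on the Name field addresses the missing restriction described above. The following is an added example, not code from the report or the affected project; the limits and the names `validate_name`, `NameRejected` and `is_accepted` are assumptions for illustration.

```python
import unicodedata

# Assumed limits (not from the report); align them with the storage schema.
MAX_NAME_CHARS = 100                 # code points shown in the UI
MAX_NAME_BYTES = 255                 # UTF-8 bytes the column can hold
MAX_RAW_CHARS = 4 * MAX_NAME_CHARS   # cheap ceiling checked before any work


class NameRejected(ValueError):
    """Raised when a submitted name must not reach storage or rendering."""


def validate_name(raw):
    """Return the normalized name or raise NameRejected (hypothetical helper)."""
    if not isinstance(raw, str):
        raise NameRejected("name must be a string")
    # 1. Bound the work first: len() is O(1), so an oversized value is
    #    rejected before normalization or encoding ever touch it.
    if len(raw) > MAX_RAW_CHARS:
        raise NameRejected("name too long")
    # 2. Normalize, then re-check, because NFC changes the code point count.
    name = unicodedata.normalize("NFC", raw).strip()
    if not name:
        raise NameRejected("name is empty")
    if len(name) > MAX_NAME_CHARS:
        raise NameRejected("name too long")
    # 3. Control characters and lone surrogates never belong in a name.
    if any(unicodedata.category(ch) in ("Cc", "Cs") for ch in name):
        raise NameRejected("name contains control characters")
    # 4. The character limit alone does not bound storage size.
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        raise NameRejected("name too long in bytes")
    return name


def is_accepted(raw):
    """Convenience wrapper: True when validate_name() accepts the value."""
    try:
        validate_name(raw)
        return True
    except NameRejected:
        return False
```

The same ceiling belongs at the reverse proxy or framework as a request body size limit, so oversized submissions are dropped before the application parses them.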
