CVE-2022-1718: The trudesk application allows an unbounded-length value in the "Full Name" input field on the signup form, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2

The trudesk application does not limit the length of the "Full Name" input field on the signup form. An attacker can submit a crafted HTTP request with an extremely long value, which is stored and later rendered in the admin panel, causing a Denial of Service (DoS). Affected: GitHub repository polonel/trudesk prior to 1.2.2.


POC:

  1. Go to the signup form: http://127.0.0.1:8118/signup
  2. Fill the Full Name input field with a very long string (hundreds of thousands to millions of characters)
  3. After the account is created, open the admin panel at http://127.0.0.1:8118/accounts and go to Accounts --> Customers
  4. The customer listing renders the oversized name, so the admin panel is flooded with the payload and becomes unusable
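
The following is an added example, not code from trudesk or from the huntr report. It builds a signup body of the kind the POC describes and shows the server-side check that would have rejected it: a length bound on the Full Name field enforced before the value is persisted. The field names, the 255-character limit and the row template are assumptions made for the example, not trudesk's actual form fields or templates.

```javascript
// Added example (not trudesk's code). Demonstrates the POC request shape
// and a length-bounded validation for the signup "Full Name" field.

const MAX_FULLNAME_LENGTH = 255; // assumed limit; size it to what the UI needs

// Build a signup body like the one the POC submits: a Full Name of `len`
// characters. The field name "fullname" is an assumption for this example.
function craftedSignupBody(len) {
  return {
    username: 'attacker',
    email: 'attacker@example.com',
    password: 'not-a-real-password',
    fullname: 'A'.repeat(len),
  };
}

// Validate the body before it reaches the database. Returns { ok: true,
// fullname } on success or { ok: false, error } so the handler can answer 400.
function validateSignup(body) {
  const raw = body && typeof body.fullname === 'string' ? body.fullname : '';
  const name = raw.trim();
  if (name.length === 0) {
    return { ok: false, error: 'fullname is required' };
  }
  // Count code points rather than UTF-16 units so the limit is consistent
  // for non-BMP characters (emoji, some CJK).
  const length = Array.from(name).length;
  if (length > MAX_FULLNAME_LENGTH) {
    return { ok: false, error: `fullname exceeds ${MAX_FULLNAME_LENGTH} characters` };
  }
  return { ok: true, fullname: name };
}

// Approximate how many bytes one row of the admin customer listing carries
// for a given name. With no length bound this grows linearly with the
// payload, which is why the Accounts --> Customers page is flooded.
function accountRowBytes(fullname) {
  const escaped = fullname.replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
  // Row template is an assumption for the example, not trudesk's template.
  return Buffer.byteLength(`<tr><td>${escaped}</td></tr>`, 'utf8');
}

// Stand-alone demo: a 200,000-character name is rejected, a normal one passes.
const huge = craftedSignupBody(200000);
console.log('huge name:', validateSignup(huge));
console.log('row bytes for huge name:', accountRowBytes(huge.fullname));
console.log('normal name:', validateSignup(craftedSignupBody(24)));
```

In an Express application the same idea applies one layer down as well: `express.json({ limit: '10kb' })` (or the equivalent `urlencoded` limit) bounds the whole request body before the signup handler runs, so a multi-megabyte name is refused at parse time instead of being stored.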

POC Screenshot:

https://ibb.co/2Nvj908

POC video:

https://www.mediafire.com/file/vng5aufoydb6hl5/trudesk-poc.mov/file

Impact

  1. Denial of Service: the oversized Full Name is persisted and rendered on the admin Accounts --> Customers page, making the admin panel unusable.

References

  • https://huntr.dev/bounties/97e36678-11cf-42c6-889c-892d415d9f9e/
  • https://huntr.dev/bounties/cdf00e14-38a7-4b6b-9bb4-3a71bf24e436/
