Content length restriction bypass can lead to DOS

Ahmed Najeh
2 min readFeb 21, 2021

--

You specified while sending a message that did not specify the size of the text being sent
This problem may lead to a defect

Reproduce

1- go to sign at https://security.ibmviprewards.ibm.com/
2-and now send massage at “https://security.ibmviprewards.ibm.com/inbox/" to any one
I have tried it on a second account

3- send massage and take request to Burp
4-Increase the size of the message to any number of words
I increased it to nearly 5 a million
And I sent the message
5- We will see that the message was sent with a very large size and we can increase it to an unlimited size
6- and see the Response

HTTP/1.1 201 Created X-Frame-Options: DENY Content-Security-Policy: default-src ‘none’; script-src ‘none’; connect-src ‘none’; img-src ‘none’; style-src ‘none’; font-src ‘none’ Content-Type: application/json; charset=utf-8 Connection: close Content-Length: 5317335

impact

This attack will lead to DOS on the server
If you enter messages received by the attacker, the browser will cramp and the device will slow due to the length of the content
I tried it when I opened a message I received
The machine stops completely

--

--

Ahmed Najeh
Ahmed Najeh

Written by Ahmed Najeh

ذو العَقلِ يَشقَى في النّعيمِ بعَقْلِهِ وَأخو الجَهالَةِ في الشّقاوَةِ يَنعَمُ https://hackerone.com/im4x https://web.facebook.com/im4xx/

No responses yet