The trudesk application accepts a very large number of characters in the "Full Name" input field of the signup form, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in polonel/trudesk


Reported on

May 14th 2022


  1. Go to the signup form.
  2. Fill the Full Name input field with a huge number of characters (more than lakhs or crores).
  3. After creating the account, check the admin panel: go to Accounts --> customers.
  4. The admin panel will be flooded with our payload.

POC Screenshot:

POC video:


  1. It can lead to a Denial of Service attack.
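
One way to reject such input on the server before it is stored, as an added example (not trudesk's code and not the fix in commit 87e231). The field names, the limits and the `validateSignup` helper are assumptions.

```javascript
// Added example: field names, limits and validateSignup are assumptions,
// not taken from trudesk's code base.
const LIMITS = { fullname: 100, email: 254, password: 256 }; // max characters
const MAX_BODY_BYTES = 4096; // cap on the raw signup request body

function validateSignup(rawBody) {
  // Check the raw size first so an oversized payload is never parsed or stored.
  if (Buffer.byteLength(rawBody, 'utf8') > MAX_BODY_BYTES) {
    return { ok: false, status: 413, errors: ['request body too large'] };
  }
  let data;
  try {
    data = JSON.parse(rawBody);
  } catch (err) {
    return { ok: false, status: 400, errors: ['invalid JSON'] };
  }
  if (data === null || typeof data !== 'object' || Array.isArray(data)) {
    return { ok: false, status: 400, errors: ['expected a JSON object'] };
  }
  const errors = [];
  const clean = {};
  for (const [field, max] of Object.entries(LIMITS)) {
    const value = data[field];
    if (typeof value !== 'string') {
      errors.push(`${field} must be a string`);
      continue;
    }
    const text = field === 'password' ? value : value.trim();
    // Count code points rather than UTF-16 units; cheap because the body is capped.
    const length = [...text].length;
    if (length === 0) errors.push(`${field} is required`);
    else if (length > max) errors.push(`${field} exceeds ${max} characters`);
    else clean[field] = text;
  }
  if (errors.length > 0) return { ok: false, status: 422, errors };
  return { ok: true, status: 200, data: clean };
}

// Constructed sample requests: a normal signup and an oversized Full Name.
const normal = JSON.stringify({ fullname: 'Asha Rao', email: 'asha@example.test', password: 'correct horse' });
const oversized = JSON.stringify({ fullname: 'A'.repeat(1000000), email: 'a@example.test', password: 'x' });
console.log(validateSignup(normal).status, validateSignup(oversized).status);
```
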
We are processing your report and will contact the polonel/trudesk team within 24 hours. 2 years ago
polonel/trudesk maintainer has acknowledged this report 2 years ago
Chris validated this vulnerability 2 years ago
akshayravic09yc47 has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
Chris marked this as fixed in 1.2.2 with commit 87e231 2 years ago
Chris has been awarded the fix bounty