Improper Control of a Resource Through its Lifetime in the input field "Bookmark Tabs" in causefx/organizr


Reported on

May 13th 2022


The Organizr application allows large characters to insert in the input field "Bookmark Tabs" which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request.

Proof of Concept

1.Login to the application

2.Go to "Tab Editor" -> "Bookmark Tabs".

3.Click on the + button fill in all details and capture the request in burp suites, and send it to Repeater.

4.Now copy the payload from this link:- and paste after the parameter name= and click on go.

5.You will see application accepts 1,000,000 characters.

Video PoC


This vulnerability can be abused by doing a DDoS attack for which genuine users will not able to access resources/applications.


We are processing your report and will contact the causefx/organizr team within 24 hours. 2 years ago
SAMPRIT DAS modified the report
2 years ago
2 years ago


This was already fixed while doing other inputs:

2 years ago


Oh ok sorry @Maintainer so I need to update

causefx validated this vulnerability 2 years ago
SAMPRIT DAS has been awarded the disclosure bounty
The fix bounty is now up for grabs
The researcher's credibility has increased: +7
causefx marked this as fixed in 2.1.2000 with commit 05ebc5 2 years ago
causefx has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation