The microweber application allows a very large number of characters to be inserted in the "SKU" input field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request, in microweber/microweber
Mar 14th 2022
1. Go to add post, http://site.com/admin/product/create, and click on create new product.
2. There will be an option called SKU.
3. Fill the input field with a huge number of characters (more than 1 lakh): copy the payload below, put it in the input fields and click on continue.
4. You will see that the application accepts the large input, and if the number of characters is increased further it can lead to DoS.
Download the payload from here: https://drive.google.com/file/d/1mQ_RMqcWiKuzRL_sQ0LfeKCboOd3WcYP/view?usp=sharing
Video & Image POC: https://drive.google.com/drive/folders/1Y4prHy4EWlJBaleOAyeN82lQeb4JaAca?usp=sharing
Patch recommendation: The post title input should be limited to 500 characters or max 1000 characters.
References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25062
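The recommended limit has to be enforced on the server, since a crafted HTTP request bypasses any limit set in the form itself. The following is an added example, not microweber's code or its actual patch: the field names, the 500-character limits and the `checkFieldLengths` helper are assumptions for illustration, and the mbstring extension is assumed to be loaded.

```php
<?php
declare(strict_types=1);

// Assumed limits: the report recommends 500, or at most 1000, characters.
// Field names and this helper are hypothetical, not microweber's own code.
const FIELD_LIMITS = ['title' => 500, 'sku' => 500];

/**
 * Returns a map of field => error for every field that breaks its limit.
 * An empty array means the input may be passed on for further processing.
 */
function checkFieldLengths(array $input, array $limits): array
{
    $errors = [];
    foreach ($limits as $field => $max) {
        if (!array_key_exists($field, $input)) {
            continue; // absent fields are left to the required/optional rules
        }
        $value = $input[$field];
        // "sku[]=..." arrives as an array; accept strings only.
        if (!is_string($value)) {
            $errors[$field] = 'must be a string';
            continue;
        }
        // Byte check first: it is cheap and short-circuits before mb_strlen
        // scans an oversized value. A UTF-8 character is at most 4 bytes.
        if (strlen($value) > $max * 4 || mb_strlen($value, 'UTF-8') > $max) {
            $errors[$field] = "must be at most {$max} characters";
        }
    }
    return $errors;
}

// Constructed sample requests: a normal one, an oversized SKU, an array SKU.
$samples = [
    'ok'  => ['title' => 'Blue mug', 'sku' => 'MUG-0001'],
    'big' => ['title' => 'Blue mug', 'sku' => str_repeat('A', 100001)],
    'arr' => ['title' => 'Blue mug', 'sku' => ['MUG-0001']],
];

foreach ($samples as $name => $request) {
    $errors = checkFieldLengths($request, FIELD_LIMITS);
    // In a controller, a non-empty $errors would end the request with a 4xx
    // response before anything is written to the database.
    echo $name . ': ' . ($errors === [] ? 'accepted' : 'rejected ' . json_encode($errors)) . "\n";
}
```

A request body size cap at the web server or PHP level (for example `post_max_size`) complements the per-field check by bounding the total input before the application code runs.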