Improper Input Validation in athou/commafeed
Reported on
Jul 23rd 2022
Description
Input validation is a frequently used technique for checking potentially dangerous inputs in order to ensure that they are safe for processing within the code, or when communicating with other components. When software does not validate input properly, an attacker is able to craft input in a form that is not expected by the rest of the application. This leads to parts of the system receiving unintended input, which may result in altered control flow. There is no upper bound on the number of characters (including special characters) accepted in the Name field of a category, which potentially allows bulk input to flood the demo instance.
Steps to reproduce
Step 1. Go to https://www.commafeed.com
Step 2. Register and sign in
Step 3. Navigate to: https://www.commafeed.com/#/feeds/add_category
Step 4. An unbounded number of characters can be entered in the Name field
Step 5. Done
Proof of Concept
PoC Image link: https://postimg.cc/8Jbd9L7M
Impact
-> Denial of Service -> This vulnerability is capable of degrading availability if a maximum length (e.g. 128) is not enforced on the mentioned field.
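As an added illustration (not CommaFeed's own code), the following server-side check shows the kind of bound the impact section calls for on the category Name field, with the 128-character limit the report gives as an example and an assumed byte cap for storage; the endpoint name and payload shape are assumptions for the demonstration.

```python
import unicodedata

# Bounds for the category Name field. 128 is the limit the report gives as an
# example; the byte cap is an assumed storage bound (UTF-8 needs up to 4 bytes
# per code point, so 128 code points can occupy up to 512 bytes).
MAX_NAME_CHARS = 128
MAX_NAME_BYTES = 4 * MAX_NAME_CHARS


class ValidationError(ValueError):
    """Raised when a category name fails validation."""


def validate_category_name(raw):
    """Return a normalised, bounded category name or raise ValidationError.

    Counting happens after NFC normalisation so that a decomposed sequence
    such as 'e' + U+0301 counts as one character, the same as precomposed
    'é', and cannot be used to slip past the limit or inflate storage.
    """
    if not isinstance(raw, str):
        raise ValidationError("name must be a string")
    name = unicodedata.normalize("NFC", raw).strip()
    if not name:
        raise ValidationError("name must not be empty")
    # Reject control characters (Unicode general category Cc); they have no
    # place in a display name and can confuse logs and UI rendering.
    if any(unicodedata.category(ch) == "Cc" for ch in name):
        raise ValidationError("name must not contain control characters")
    if len(name) > MAX_NAME_CHARS:
        raise ValidationError(f"name exceeds {MAX_NAME_CHARS} characters")
    if len(name.encode("utf-8")) > MAX_NAME_BYTES:
        raise ValidationError(f"name exceeds {MAX_NAME_BYTES} bytes")
    return name


def handle_add_category(payload):
    """Simulated add_category handler (hypothetical): validate before storage.

    Returns an (HTTP status, JSON body) pair so oversized or malformed input
    is rejected with 400 instead of being persisted.
    """
    try:
        name = validate_category_name(payload.get("name"))
    except ValidationError as exc:
        return 400, {"error": str(exc)}
    return 200, {"name": name}
```

A request-body size cap at the web server or framework layer is a separate, complementary control; the check above only bounds what reaches the data store.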