Dashboard

Buffer Overflow

Severity: Medium
Bug ID: 593
Researcher: rockcena
Status: Disclosed
Submitted: 12/01/2014

Description:

hello team i found Broken Authentication that leads to character limits bypass

Affected URL:

http://crowdshield.com/

Affected Params:

ISC2

Bug Evidence:

for example 

i found ISC2 character limits bypass

character limit is 60 so now i bypass to 100 character 

1234567890123456789012345678901234567890123456789012345678901234567890123456789012345678901234567890

now i put 100 character

https://www.youtube.com/watch?v=vMJRBUmHBmQ

note :

its unlisted video
 
now more than 100 char there  but limit 60 :p

fix it soon 

Regards,
sarath


Bug Recommendation:

validate server side properly

Direct Chat

4
rockcena 12/01/2014
Message User Image
submitted a Buffer Overflow bug to CrowdShield
CrowdShield 12/03/2014
Message User Image
Acknowledged bug ID: 593 - Buffer Overflow submitted by rockcena and awarded 20 points!
CrowdShield 12/03/2014
Message User Image
Fixed bug ID: 593 - Buffer Overflow submitted by rockcena
CrowdShield 06/24/2015
Message User Image
disclosed a Buffer Overflow bug submitted by rockcena

Pending Bugs

ID Severity Vulnerability User Date Status
692High Authentication Bypass dia2diab 07/01/2015 Disclosed
778High Privilege Escalation poseidon 08/24/2018 Disclosed
641High Privilege Escalation daksh 12/05/2014 Disclosed
744High Privilege Escalation realn0j 09/06/2017 Disclosed
670High Remote Code Execution zoczus 05/06/2015 Disclosed
593Medium Buffer Overflow rockcena 12/01/2014 Disclosed
578Medium Cross Site Request Forgery sandeepv 11/30/2014 Disclosed
580Medium Cross Site Request Forgery sandeepv 11/30/2014 Disclosed
659Medium Reflected Cross Site Scripting pratap 12/16/2014 Disclosed
742Low Application Errors guifre 07/29/2017 Disclosed
724Low Session Security and Cookies testingcs 04/24/2016 Disclosed
706Informational Other zediwon 09/28/2015 Disclosed
707Informational Other behroz 10/06/2015 Disclosed