Omise: bypassing MessageToSeller length limit at link.omise.co leads to the seller not being able to check any transaction details, refund or open a dispute.
News category: Vulnerabilities
Source: vulners.com
Summary: Hey Omise Team :) So while I was testing dashboard.omise.co through the test mode I created a link to receive payments. I opened that link and found out that one can put a ==Message to seller== through the "linking[note]" parameter: {F1097964}

So after trying XSS, HTML injection ...., I thought about trying to input a very long message and see how the app reacts to that. At first look it seems secure since it has a maxlength="255", however I have discovered that this length is only checked at the client side, so if you edit the request before it reaches the server it will be sent successfully. And this leads to preventing the seller from seeing the transaction details because it will take a huge time to load, consume the seller's data and resources, and probably server resources too because it's storing a huge amount of data.

Steps To Reproduce:
1. Go to victim's payment link (I did it with my own https://link.omise.co/E2D4BBFB).
2. Write your email and any message and credit card info.
3. Intercept the request (I used BurpSuite) and change the "linking[note]" parameter with the content of the attached file {F1097967}, which is ~10Mb in size (keep in mind that you can cause bigger damage by using a bigger message like 10Gb) {F1097949}
4. Now try and check the charge info under https://dashboard.omise.co/test/charges and you will find that you can neither access it nor refund it or open a dispute because it hangs on the loading screen (you can see using just the... ...
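The limit described in the report exists only as a `maxlength` attribute in the browser, so the fix is to enforce the same limit on the server. The following is an added example, not Omise's code and not part of the report: only the `linking[note]` name and the 255 limit come from the report, while the function name, the 16 KiB body cap and the status codes are assumptions.

```python
import io
from urllib.parse import parse_qs, urlencode

NOTE_FIELD = "linking[note]"  # parameter name taken from the report
NOTE_MAX = 255                # the limit the form's maxlength advertises
BODY_MAX_BYTES = 16 * 1024    # assumed cap for the whole form body


class Rejected(Exception):
    def __init__(self, status, reason):
        super().__init__(reason)
        self.status = status


def read_payment_form(headers, stream):
    """Return the form fields, or raise Rejected before anything is stored."""
    # Refuse on the declared size first, so a 10 MB body is never read.
    try:
        declared = int(headers.get("Content-Length", ""))
    except ValueError:
        raise Rejected(411, "Content-Length required")
    if declared < 0:
        raise Rejected(400, "invalid Content-Length")
    if declared > BODY_MAX_BYTES:
        raise Rejected(413, "form body too large")
    raw = stream.read(declared)  # never read past the declared length
    try:
        fields = parse_qs(raw.decode("utf-8"), keep_blank_values=True,
                          max_num_fields=20)
    except ValueError:  # also covers UnicodeDecodeError
        raise Rejected(400, "malformed form body")
    notes = fields.get(NOTE_FIELD, [""])
    if len(notes) != 1:
        raise Rejected(400, "note field sent more than once")
    # maxlength counts UTF-16 code units, so count the same way here.
    if len(notes[0].encode("utf-16-le")) // 2 > NOTE_MAX:
        raise Rejected(422, "note longer than 255 characters")
    return {name: values[0] for name, values in fields.items()}


if __name__ == "__main__":
    # Constructed request: the note is one character over the limit.
    body = urlencode({"linking[email]": "buyer@example.test",
                      NOTE_FIELD: "A" * 256}).encode()
    try:
        read_payment_form({"Content-Length": str(len(body))}, io.BytesIO(body))
    except Rejected as err:
        print(err.status, err)
```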