Pixel Flood Via File Uploading
Hello Guys, Who Am I ? I am an Independent Security Researcher And I have completed my graduation in Computer Science. Bugcrowd Username: BawaH98 Now, Without boring you, Let's Start this :) Pixel Flood ? An image of 5kb size with 260*260 pixels are crafted a malicious code with JPEG file which exchange 260*260 value with 0xfafa x 0xfafa (64250*64250 pixels) by itself. When Image upload, server will allocate small amount of memory for image but Image was malicious so it tries to allocate 4128062500 pixels into memory, this will flooding the memory and causing DoS attack. How I found this Endpoint? I choose an program on Bugcrowd Platform. Website didn't have any disclosure program so let's consider site.com, So when i started to hunting on this domain i tried to find IDOR, information disclosure etc. but not found anyone. Then I was checking website and I found that they have a file upload functionality in profile. That time i got an idea, why not to try any file upload...