Pixel Flood Via File Uploading
Hello Guys,
Who Am I ?
I am an Independent Security Researcher And I have completed my graduation in Computer Science.
Bugcrowd Username: BawaH98
Now, Without boring you, Let's Start this :)
Pixel Flood ?
A 5 KB JPEG image of 260*260 pixels is crafted so that the 260*260 value declared in its header is replaced with 0xfafa x 0xfafa (64250*64250 pixels). When the image is uploaded, the server expects to allocate only a small amount of memory for such a small file, but because the image is malicious it tries to load 4128062500 pixels into memory. This floods the memory and causes a DoS.
How I found this Endpoint?
I chose a program on the Bugcrowd platform. The website didn't have any disclosure program, so let's call it site.com. When I started hunting on this domain I tried to find IDOR, information disclosure, etc., but did not find any.
Then I was checking the website and I found that they have a file upload functionality in the profile. At that time I got an idea: why not try a file upload vulnerability on this endpoint? So I tried, but after a few hours I had no success.
So I started to look at file upload bugs on HackerOne and Medium; there I found the pixel flood attack. I searched for this vulnerability and tried to escalate it on the website. When I was uploading the lottapixel image as the profile photo, it took more time to upload, so I thought it might be a network problem on my side.
But after 2 min, I got a DoS on the website with "504 Gateway Timeout".
Fig:1.1 504 Gateway Time-Out
Then I quickly made a report and submitted it to the program. After 2 days, they replied and changed it to "Not Applicable".
I asked about this, but they told me that it was only affecting my browser, and it was closed.
After 20-22 days, the company replied again that they had accepted this report and gave me a bounty 😃.
Fig:1.3 Triaged
This was the first bug I found, and it also got me my first bounty, which was four digits.
Thanks for Reading.....
Links For Connect:
LinkedIn:https://linkedin.com/in/lokesh-goyal-79a147157/
Twitter : https://twitter.com/lokeshg62498939



