Database Info Disclosure by Client-Side DoS
Intro: Hello hackers!! 😃 Today I will discuss a client-side DoS attack and how I found one in a bug bounty program, where it disclosed some database information that can sometimes be sensitive. So let’s jump into it.
Attack:
On that website I tried to register as a user, but in the Name field I entered a huge string like: aaaaaaaaaaaaaaaa……………………………
The endpoint is /rest/auth/signup.
After that much data was submitted as a string, the database could not handle it properly, which caused an Internal Server Error (DoS).
After analyzing the response, I found that it disclosed the database and table names, along with which database it is using.
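The failure described above and its fix, as an added example that is not code from the tested site: a signup handler that echoes the raw database error next to one that enforces a length limit before the query and returns only a generic error with a correlation id. The in-memory SQLite table, the 64-character limit and all function names are assumptions made for the illustration.

```python
import logging
import sqlite3
import uuid

MAX_NAME_LEN = 64  # assumed limit; align it with the real column definition
log = logging.getLogger("signup")


def make_db():
    # Constructed stand-in for the application's database (in-memory SQLite).
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE users (name TEXT NOT NULL, "
        f"CONSTRAINT users_name_len CHECK (length(name) <= {MAX_NAME_LEN}))"
    )
    return db


def signup_leaky(db, name):
    """Behaviour described in the post: the raw database error reaches the client."""
    try:
        db.execute("INSERT INTO users (name) VALUES (?)", (name,))
        return 201, {"status": "created"}
    except sqlite3.Error as exc:
        # The driver's message names schema objects; returning it discloses them.
        return 500, {"error": str(exc)}


def signup_hardened(db, name):
    """Reject oversized input before the query and never echo database errors."""
    if not isinstance(name, str) or not 1 <= len(name) <= MAX_NAME_LEN:
        return 400, {"error": f"name must be 1-{MAX_NAME_LEN} characters"}
    try:
        db.execute("INSERT INTO users (name) VALUES (?)", (name,))
        return 201, {"status": "created"}
    except sqlite3.Error:
        incident = uuid.uuid4().hex  # correlation id; details stay in server logs
        log.exception("signup failed incident=%s", incident)
        return 500, {"error": "internal error", "incident": incident}


if __name__ == "__main__":
    huge = "a" * 100_000  # constructed oversized Name value
    print(signup_leaky(make_db(), huge))
    print(signup_hardened(make_db(), huge))
```

The same two controls apply whatever the real stack is: validate field length at the API boundary, and map unexpected database exceptions to a generic response while logging the detail server-side.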
So that’s the way I found this vulnerability. Hope you learned something new!!
THANKS FOR READING!
Happy Hacking