Database Info Disclose by Client-Side DOS

#$ubh@nk@r
2 min readMay 10, 2024

--

Intro : Hello hackers!!😃 Today I will discuss about Client-Side DOS attack and how did I find this in a Bug Bounty Program which disclose Some Database Information which can be Sensitive sometime. So let’s jump into it.

Attack :

So in that Web-Site basically I try to Register as an User. But in the Name field I input a Huge String like : aaaaaaaaaaaaaaaa……………………………

It is like this. The Endpoint is /rest/auth/signup.

So after inputting a Lot of data as a String, Database cannot handle it properly causes Internal Server Error (DOS).

So after analyzing the Response I found it Disclose database and Table Name along which Database it is Using.

Table Name
Not showing all Information

So that’s way I found this Vulnerability. Hope you learn something new!!

THANKS FOR READING!

If you like it don’t forget to Like it and Follow me for more Articles.

Happy Hacking

--

--