There is a search service between the content and the blog, which contains a parameter called pageSize. The attacker can change the output value of the program by increasing this parameter. For example, by increasing this number, the output of the program can be several megabytes.
This problem causes the program's database query to run longer, and in case of successive attacks it will cause the server to waste resources and eventually fail.
This service is /API/internalservices/searchService/search in the DotNetNuke.Web project.
Description of solution
We can add a number for the maximum page size in SearchServiceController.
Description of alternatives considered
No response
Anything else?
No response
Do you plan to contribute code for this enhancement?
[X] Yes
Would you be interested in sponsoring this enhancement?
[ ] Yes
Code of Conduct
[X] I agree to follow this project's Code of Conduct
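One way to bound the paging input before it reaches the search query, as an added example that is not part of the original issue and is not DNN code. The class name, the limits and the pageIndex handling are assumptions chosen for illustration; only pageSize is named in the report.

```csharp
using System;

// Hypothetical helper (not DNN code): validates paging values for a search endpoint.
public static class SearchPaging
{
    // Assumed limits; pick values that match the site's real result sizes.
    public const int DefaultPageSize = 10;
    public const int MaxPageSize = 100;
    public const int MaxResultWindow = 10000; // deepest row a caller may reach

    // Returns false when the request should be rejected (for example with HTTP 400).
    public static bool TryNormalize(int? pageIndex, int? pageSize, out int index, out int size)
    {
        index = pageIndex ?? 1;
        size = pageSize ?? DefaultPageSize;

        // Zero or negative values are never legitimate paging input.
        if (index < 1 || size < 1)
        {
            return false;
        }

        // Clamp an oversized page to the cap so the response size stays bounded.
        size = Math.Min(size, MaxPageSize);

        // Use 64-bit math: (index - 1) * size can overflow Int32 for a huge pageIndex.
        long lastRow = (long)(index - 1) * size + size;
        return lastRow <= MaxResultWindow;
    }
}

public static class Demo
{
    public static void Main()
    {
        // Constructed sample requests: normal, oversized pageSize, huge pageIndex, negative, omitted.
        (int?, int?)[] requests =
        {
            (1, 10), (1, 5000000), (int.MaxValue, 100), (1, -1), (null, null),
        };

        foreach (var (reqIndex, reqSize) in requests)
        {
            bool ok = SearchPaging.TryNormalize(reqIndex, reqSize, out int index, out int size);
            Console.WriteLine(ok
                ? $"pageIndex={reqIndex} pageSize={reqSize} -> accepted as index {index}, size {size}"
                : $"pageIndex={reqIndex} pageSize={reqSize} -> rejected");
        }
    }
}
```

Clamping keeps existing callers working when they ask for too much, while rejecting invalid or very deep requests gives monitoring a clear signal of abuse.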