Edit report at https://bugs.php.net/bug.php?id=81523&edit=1

 ID:                 81523
 Updated by:         s...@php.net
 Reported by:        neibase123 at gmail dot com
 Summary:            The search bar in your site does not contain the attribute
                     "maxlength"
 Status:             Open
-Type:               Security
+Type:               Bug
 Package:            Website problem
 Operating System:   Irrelevant
 PHP Version:        Irrelevant
 Block user comment: N
 Private report:     N



Previous Comments:
------------------------------------------------------------------------
[2021-10-14 10:06:04] c...@php.net

The missing maxlength attribute is certainly not a security issue,
since a client can ignore that.  Not restricting the length
server-side, however, might be an issue in this case.

------------------------------------------------------------------------
[2021-10-13 17:06:11] neibase123 at gmail dot com

Description:
------------
Your site's search bar doesn't contain the "maxlength" HTML attribute. I enter 
an absurd amount of characters; if your server doesn't filter these characters, 
they can cause a Denial of Service attack.

Test script:
---------------
// This script works on any page of the site that contains the search bar.
// Paste the lines into the browser console one at a time.
// Tested on https://www.php.net/

// Set the search field's value to 10,000,000 characters.
document.getElementsByName("pattern")[0].value = "A".repeat(10000000);

// Read the value back to confirm it was accepted.
document.getElementsByName("pattern")[0].value;

Expected result:
----------------
Demonstrates how a huge value can be set in the search bar; if the attacker 
enters it and your server doesn't filter these characters, they can cause a DoS 
attack.



------------------------------------------------------------------------
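
A server-side length check of the kind the 2021-10-14 reply refers to, as an added example (not code from php.net or from either commenter). The `pattern` field name comes from the test script; the 256-byte limit, the function name and the availability of the mbstring extension are assumptions.

```php
<?php
declare(strict_types=1);

// Assumed limit for illustration; the report does not state one.
const MAX_PATTERN_BYTES = 256;

/**
 * Validate the search term on the server, where the client cannot skip it.
 * Returns [HTTP status, cleaned pattern or null, reason].
 */
function validate_search_pattern(array $query, int $maxBytes = MAX_PATTERN_BYTES): array
{
    $raw = $query['pattern'] ?? null;

    // "pattern[]=x" arrives as an array; accept only a plain string.
    if (!is_string($raw)) {
        return [400, null, 'pattern missing or not a string'];
    }
    // Check the byte length first: strlen() reads a stored length, so an
    // oversized value is rejected before any per-character work is done.
    if (strlen($raw) > $maxBytes) {
        return [400, null, 'pattern too long'];
    }
    // The remaining checks now run on bounded input only.
    if (!mb_check_encoding($raw, 'UTF-8')) {
        return [400, null, 'pattern is not valid UTF-8'];
    }
    $clean = trim($raw);
    if ($clean === '') {
        return [400, null, 'pattern is empty'];
    }
    return [200, $clean, 'ok'];
}

// Constructed sample requests, including the 10,000,000-character value
// from the report's test script.
$samples = [
    'normal'    => ['pattern' => 'array_map'],
    'oversized' => ['pattern' => str_repeat('A', 10000000)],
    'array'     => ['pattern' => ['a', 'b']],
    'missing'   => [],
];
foreach ($samples as $name => $query) {
    [$status, $pattern, $reason] = validate_search_pattern($query);
    printf("%-9s -> %d %s\n", $name, $status, $pattern ?? "($reason)");
}
```
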




-- 
PHP Webmaster List Mailing List (http://www.php.net/)