| タイトル | Open-Source Web LitmusChaos 3.19.0 Input Validation Bypass |
|---|
| 説明 | A frontend-only validation flaw was identified in the LitmusChaos 3.19.0 platform that allows attackers to bypass character restrictions on user profile fields, such as the display name. The client-side interface prevents input of special characters (e.g., !@#$%¨&)), but the backend fails to enforce equivalent validation, leading to inconsistent input handling and possible downstream effects.
During testing, it was observed that the application performs input sanitization only on the client side, using JavaScript or HTML5 form validation. However, this can be easily circumvented by intercepting and modifying the HTTP request via tools such as Burp Suite.
By sending crafted requests directly to the backend, an attacker can store and display values containing unexpected or restricted characters—such as !@#$%¨&)—in user-controlled fields like the profile display name. |
|---|
| ソース | ⚠️ https://github.com/MaiqueSilva/VulnDB/blob/main/README02.md |
|---|
| ユーザー | maique (UID 88562) |
|---|
| 送信 | 2025年07月31日 02:19 (9 月 ago) |
|---|
| モデレーション | 2025年08月09日 07:34 (9 days later) |
|---|
| ステータス | 承諾済み |
|---|
| VulDBエントリ | 319320 [LitmusChaos Litmus 迄 3.19.0] |
|---|
| ポイント | 20 |
|---|