| Title | Open-Source Web LitmusChaos 3.19.0 Input Validation Bypass |
|---|---|
| Description | A frontend-only validation flaw was identified in the LitmusChaos 3.19.0 platform that allows attackers to bypass character restrictions on user profile fields, such as the display name. The client-side interface prevents input of special characters (e.g., !@#$%¨&)), but the backend fails to enforce equivalent validation, leading to inconsistent input handling and possible downstream effects.<br><br>During testing, it was observed that the application performs input sanitization only on the client side, using JavaScript or HTML5 form validation. However, this can be easily circumvented by intercepting and modifying the HTTP request via tools such as Burp Suite.<br><br>By sending crafted requests directly to the backend, an attacker can store and display values containing unexpected or restricted characters, such as !@#$%¨&), in user-controlled fields like the profile display name. |
| Source | https://github.com/MaiqueSilva/VulnDB/blob/main/README02.md |
| User | maique (UID 88562) |
| Submitted | 2025-07-31 02:19 AM (9 months ago) |
| Moderation | 2025-08-09 07:34 AM (9 days later) |
| Status | Accepted |
| VulDB Entry | 319320 [LitmusChaos Litmus up to 3.19.0] |
| Points | 20 |
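The root cause described in the entry is that the character restriction lives only in the browser, so any request that does not pass through the form (a proxy-modified request, a script, a direct API call) skips it. The fix is to apply the same rule on the server, where every request must pass. The following is an added illustration of that defensive pattern, not code from LitmusChaos or from the VulDB submission; Go is used because the LitmusChaos backend services are written in Go. The allowlist, the 64-character limit, the `/api/profile` path and the `displayName` JSON field are all assumptions chosen for the example, not the project's actual API.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
	"unicode"
	"unicode/utf8"
)

// Hypothetical server-side rule mirroring the client-side restriction described
// in the entry: letters, digits, spaces and a few safe punctuation marks only.
// The 64-character limit is an assumption for the example.
const maxDisplayNameLen = 64

var errInvalidDisplayName = errors.New("display name contains disallowed characters or is malformed")

// validateDisplayName is the check the backend must run regardless of what the
// browser already did. It rejects invalid UTF-8, empty or over-long names, and any
// rune outside the allowlist (so "!@#$%¨&)" from the entry is refused here).
func validateDisplayName(name string) error {
	if !utf8.ValidString(name) {
		return errInvalidDisplayName
	}
	trimmed := strings.TrimSpace(name)
	if trimmed == "" || utf8.RuneCountInString(trimmed) > maxDisplayNameLen {
		return errInvalidDisplayName
	}
	for _, r := range trimmed {
		switch {
		case unicode.IsLetter(r), unicode.IsDigit(r):
		case r == ' ', r == '-', r == '_', r == '.':
		default:
			return errInvalidDisplayName
		}
	}
	return nil
}

// profileUpdate is a constructed request body shape; the field name is an assumption.
type profileUpdate struct {
	DisplayName string `json:"displayName"`
}

// updateProfileHandler re-applies the validation on the server, so a request crafted
// outside the browser is rejected exactly like one typed into the form.
func updateProfileHandler(w http.ResponseWriter, r *http.Request) {
	var req profileUpdate
	// Cap the body size so the validator never sees an unbounded payload.
	if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 4096)).Decode(&req); err != nil {
		http.Error(w, "malformed JSON body", http.StatusBadRequest)
		return
	}
	if err := validateDisplayName(req.DisplayName); err != nil {
		http.Error(w, err.Error(), http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
	fmt.Fprintf(w, "display name accepted: %s\n", strings.TrimSpace(req.DisplayName))
}

// postProfile drives the handler in-process (no network, no browser involved, which
// is exactly the path the entry describes) and returns the HTTP status code.
func postProfile(displayName string) int {
	body, _ := json.Marshal(profileUpdate{DisplayName: displayName})
	req := httptest.NewRequest(http.MethodPost, "/api/profile", strings.NewReader(string(body)))
	req.Header.Set("Content-Type", "application/json")
	rec := httptest.NewRecorder()
	updateProfileHandler(rec, req)
	return rec.Code
}

func main() {
	// Constructed sample inputs: a normal name, the restricted characters quoted in
	// the entry, and an empty value.
	for _, name := range []string{"Alice Example", "!@#$%¨&)", ""} {
		fmt.Printf("%q -> HTTP %d\n", name, postProfile(name))
	}
}
```

The point of `postProfile` is that it bypasses the UI entirely, the same way an intercepted and modified request would; because the handler validates for itself, the bypass has nothing left to bypass. Keeping the server rule an allowlist (rather than a blocklist of the specific characters the form happens to reject) also keeps the two layers from drifting apart when the frontend rule changes.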