| Название | Open-Source Web LitmusChaos 3.19.0 Input Validation Bypass |
|---|
| Описание | A frontend-only validation flaw was identified in the LitmusChaos 3.19.0 platform that allows attackers to bypass character restrictions on user profile fields, such as the display name. The client-side interface prevents input of special characters (e.g., !@#$%¨&)), but the backend fails to enforce equivalent validation, leading to inconsistent input handling and possible downstream effects.
During testing, it was observed that the application performs input sanitization only on the client side, using JavaScript or HTML5 form validation. However, this can be easily circumvented by intercepting and modifying the HTTP request via tools such as Burp Suite.
By sending crafted requests directly to the backend, an attacker can store and display values containing unexpected or restricted characters—such as !@#$%¨&)—in user-controlled fields like the profile display name. |
|---|
| Источник | ⚠️ https://github.com/MaiqueSilva/VulnDB/blob/main/README02.md |
|---|
| Пользователь | maique (UID 88562) |
|---|
| Представление | 31.07.2025 02:19 (9 месяцы назад) |
|---|
| Модерация | 09.08.2025 07:34 (9 days later) |
|---|
| Статус | принято |
|---|
| Запись VulDB | 319320 [LitmusChaos Litmus до 3.19.0] |
|---|
| Баллы | 20 |
|---|