The background verification code size can be controlled to cause a denial of service attack.

1.Right click to view the verification code image address
2.Found width and height in the url
3.Use burpsuite to fetch data and see the size of the returned package
4.Try modifying the length and width values and seeing the size of the returned package
5.Through the above test, we know that the vulnerability exists. If we send a 10000 packet to the server and the server takes 10s to process, then if we send 10 10000 packets?
10x10 = 100s
That is, the server takes 100s to process. When we send 100 such packets (of course, you should never throw them with 100 packets. Generally speaking, 20-50 test results can lead to website crashes.)

![image](https://user-images.githubusercontent.com/39295496/52945687-4b779e00-33ad-11e9-837d-ed96eed2c766.png)
![image](https://user-images.githubusercontent.com/39295496/52945828-9abdce80-33ad-11e9-9355-d86295dfabe9.png)
![image](https://user-images.githubusercontent.com/39295496/52945947-dd7fa680-33ad-11e9-841c-033e28172284.png)
![image](https://user-images.githubusercontent.com/39295496/52946550-3a2f9100-33af-11e9-99dd-86e77b95405c.png)






Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

The background verification code size can be controlled to cause a denial of service attack. #6

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Uh oh!

The background verification code size can be controlled to cause a denial of service attack. #6

Description

Metadata

Metadata

Assignees

Labels

Projects

Milestone

Relationships

Development

Issue actions