Skip to main content

Posts

Featured

Range Request DoS: An uncontrolled memory consumption vector in Go's net/http

In this blog I highlight a very old DoS technique, which works via usage of HTTP's range requests, which I have dubbed RRDoS for the rest of the post [short for Range Request Denial of Service]. This is not to be confused with ReDoS, which depends on misconfigured regex.
What are Range requests? Let's first understand what range requests are. Simply put by MDN- HTTP range requests allow to send only a portion of an HTTP message from a server to a client. Partial requests are useful for large media or downloading files with pause and resume functions, for example.
As an example, if there is an endpoint which serves an image at path /static/cat.jpg whose size is 1024 bytes, then we can request the first 10 bytes only by sending a request like: GET /static/cat.jpg HTTP/1.1 Host: www.test.com Range: bytes=0-10 Now if the server accepts range requests, it will reply with something like:  HTTP/1.1 206 Partial Content Content-Range: bytes 0-10/1024 Content-Length: 10 Now that we know …

Latest Posts

[SSTI] Exploiting Go's template engine to get XSS

Introducing Slacker: Monitoring subdomain additions in real time and automating directory scanning

Escalating subdomain takeovers to steal cookies by abusing document.domain

Got my OSCP cert!

Unauthorised file upload in withgoogle.com site

Web cache deception in Valve

Private video info disclosure through API in Vimeo!

XSS in Paypal acquisition!