6/10
vulnerability
An application-level denial-of-service vulnerability exploitable by sending excessively long strings (100,000+ characters) to input fields, causing CPU and memory exhaustion through vulnerable string hashing implementations. The technique can be applied to password fields, usernames, email addresses, and other text inputs across authentication and search functions.
denial-of-service
dos
long-string-attack
hash-dos
cpu-exhaustion
application-level-dos
input-validation
password-field
bug-bounty
vulnerability-testing
Jerry Shah
HackerOne
Freedium