6/10
vulnerability
An application-level denial-of-service vulnerability exploitable by sending excessively long strings (100,000+ characters) to input fields, causing CPU and memory exhaustion through vulnerable string hashing implementations. The technique can be applied to password fields, usernames, email addresses, and other text inputs across authentication and search functions.
denial-of-service
dos
long-string-attack
hash-dos
cpu-exhaustion
application-level-dos
input-validation
password-field
bug-bounty
vulnerability-testing
Jerry Shah
HackerOne
Freedium