6/10
vulnerability
An application-level denial-of-service vulnerability exploitable by sending excessively long strings (100,000+ characters) to input fields, causing CPU and memory exhaustion through vulnerable string hashing implementations. The technique can be applied to password fields, usernames, email addresses, and other text inputs across authentication and search functions.
denial-of-service
dos
long-string-attack
hash-dos
cpu-exhaustion
application-level-dos
input-validation
password-field
bug-bounty
vulnerability-testing
Jerry Shah
HackerOne
Freedium