Dark C0d3rs
HackerOne Disclosed Reports - 2026-06-30 - Printable Version

+- Dark C0d3rs (https://darkcoders.wiki)
+-- Forum: Exploit Log (https://darkcoders.wiki/Forum-Exploit-Log)
+--- Forum: Research Papers/Vulnerability reports (https://darkcoders.wiki/Forum-Research-Papers-Vulnerability-reports)
+--- Thread: HackerOne Disclosed Reports - 2026-06-30 (/Thread-HackerOne-Disclosed-Reports-2026-06-30)



HackerOne disclosed reports - 2026-06-30 - hashXploiter - 07-01-2026

Logo
High
resolved

Denial of Service (DoS) Vulnerability in Drafts Creation Endpoint


Bug reported by dpaysm was disclosed at June 30, 2026, 2:28 am   |   Uncontrolled Resource Consumption

A Denial of Service (DoS) vulnerability was identified in the /drafts.json endpoint on the Discourse forum. Large payloads (around 800,000 characters or more) submitted to create drafts caused the server to process the request, return a 502 Bad Gateway error, but still save the draft. Submitting multiple such large drafts led to significant server delays, with response times exceeding 32 seconds, indicating resource exhaustion.