NamelessMC Forum Search GET Parameter Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in NamelessMC versions through 2.1.4. The issue arises in the forum search functionality, where the 's' parameter in GET requests lacks proper length validation. This flaw allows attackers to submit excessively long search queries, potentially leading to performance degradation and service interruptions. While POST requests for forum search do enforce length restrictions, the GET parameter is only subjected to a basic alphanumeric filter without any limits.

Impact

Exploitation of this vulnerability can cause significant performance issues by disrupting normal server operations. The absence of length validation allows for the submission of extremely long strings, which can lead to inefficient database query processing, increased cache sizes, and overall degraded server performance. In severe cases, this could result in a complete service outage.

Reproduction

To reproduce this vulnerability, send a GET request to the forum search endpoint with the 's' parameter set to either a single-character string or an excessively long string, for example one repeated until it reaches a length of 5000 characters. The request can be made using a web browser or a Python script that automates the process.

Remediation

Users can update to NamelessMC version 2.2.0, which addresses this vulnerability by implementing proper length validation for the 's' parameter in GET requests.
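
To check whether an instance has been receiving oversized search queries, the following example scans web-server access logs for GET search requests whose 's' value exceeds a length threshold. It is an added illustration, not code from NamelessMC or from this advisory. The route /forum/search, the 128-character threshold and the combined log format are assumptions, and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Assumptions (not from the advisory): the search route and the length limit.
SEARCH_PATH = "/forum/search"
MAX_QUERY_LEN = 128

# Common/combined log format: client IP first, request line in the first quoted field.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]*\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*"'
)

def oversized_searches(lines, max_len=MAX_QUERY_LEN):
    """Return (ip, length) for each GET search request whose 's' exceeds max_len."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or m["method"] != "GET":
            continue  # POST searches are already length-checked by the application
        url = urlsplit(m["target"])
        if url.path.rstrip("/") != SEARCH_PATH:
            continue
        # parse_qs percent-decodes, so the length is that of the value the app sees.
        for value in parse_qs(url.query, keep_blank_values=True).get("s", []):
            if len(value) > max_len:
                hits.append((m["ip"], len(value)))
    return hits

def by_client(hits):
    """Count oversized requests per client IP."""
    return Counter(ip for ip, _ in hits)

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [09/Jun/2025:19:40:01 +0000] "GET /forum/search/?s=spawn HTTP/1.1" 200 5120',
    '203.0.113.9 - - [09/Jun/2025:19:40:02 +0000] "GET /forum/search/?s=' + "a" * 5000 + ' HTTP/1.1" 200 812',
    '203.0.113.9 - - [09/Jun/2025:19:40:03 +0000] "GET /forum/search/?s=' + "ab" * 2500 + ' HTTP/1.1" 200 812',
    '198.51.100.7 - - [09/Jun/2025:19:40:04 +0000] "POST /forum/search/ HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for ip, count in by_client(oversized_searches(SAMPLE_LOG)).most_common():
        print(f"{ip}: {count} oversized search request(s)")
```

Adjust SEARCH_PATH and MAX_QUERY_LEN to match the deployment before running it over real logs.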

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 1.0
impact: 2.5
exploitability: 9.7
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.