Denial of Service Testing Vulnerabilities

Denial of Service (DoS) vulnerabilities allow attackers to disrupt service availability by exhausting system resources or exploiting flawed logic.

These vulnerabilities highlight risks in input validation, resource management, and architectural design that attackers exploit to disrupt services.

SQL Wildcard Vulnerability

CPU exhaustion: Malicious wildcard queries (e.g., `%` in SQL Server) force full-table scans, consuming database CPU. For example, `LIKE ‘%a%a%a%’` triggers exponential processing in large datasets. 

Application-layer impact: Search features in CMS or e-commerce platforms may process excessive records, overwhelming application servers. 

Locking Customer Accounts 

Authentication abuse: Repeated failed login attempts trigger account lockouts, denying legitimate users access. Attackers automate credential stuffing to exhaust lockout thresholds.

Resource strain: Lockout mechanisms that log events or send notifications can overload systems under sustained attacks. 

Buffer Overflows

Memory corruption: User inputs exceeding allocated buffer sizes crash applications or enable arbitrary code execution. For example, oversized HTTP headers or payloads exploit web server vulnerabilities. 

Session handling: Overloaded session variables (e.g., storing large files) cause application layer failures. 

User-Specified Object Allocation 

Resource exhaustion: Allowing users to define object sizes (e.g., arrays or files) leads to excessive memory/disk consumption. For instance, uploading a 10GB file to a service with no size limits. 

Unbounded growth: Dynamic allocation without constraints enables attackers to deplete system resources (e.g., creating millions of temporary objects). 

User Input as a Loop Counter

Infinite loops: Maliciously crafted integers (e.g., `1000000000`) force applications into computationally intensive loops, starving CPU resources

Unexpected behavior: Unvalidated loop counters bypass security controls, enabling unauthorized actions or crashes

Writing User-Provided Data to Disk

Storage saturation: Large files or high-volume data submissions fill disk space, preventing logging or critical operations. Log files with unrestricted growth are prime targets.

CRC manipulation: Incomplete or malformed uploads trigger repeated CRC checks, consuming I/O resources.

Failure to Release Resources

Connection leaks: Unclosed database connections, file handles, or network sockets deplete available pools, blocking legitimate users. 

Memory leaks: Poorly managed session data or caching mechanisms gradually exhaust server memory. 

Storing Too Much Data in Session

Session overflow: Overloading session variables (e.g., storing large datasets) crashes application servers or slows response times.

Complex session objects: Serializing large objects (e.g., images) increases CPU/memory usage during session handling.