The application is vulnerable to a pixel flood attack: once the payload has been successfully uploaded as the logo, the application begins to slow down and the admin page stops responding.
- Set up a mailcow-dockerized SMTP server.
- Log in to the admin page and navigate to the "customize" functionality.
- Now change the logo to "lottapixel.jpg" and wait until it is fully uploaded. Note: it will take some minutes to upload lottapixel.jpg.
The admin page becomes unresponsive after the payload is uploaded.
The admin will not be able to do anything because the admin page becomes completely unresponsive, which causes pandemonium: no one has control over the mail server. Because mailcow runs its services in containers, only the admin page is affected; other services such as mail (SOGo) keep operating normally.
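One way to mitigate the pixel flood described above, as an added example that is not mailcow's own code: read the dimensions a JPEG declares in its SOF header and reject the upload before any image decoder allocates memory for it. The function names, the `MAX_PIXELS` cap and the header-only sample bytes are assumptions constructed for illustration.

```python
import struct

MAX_PIXELS = 16_000_000  # assumed cap (about 4000x4000); tune to the largest logo expected
# SOF markers carry the frame size; 0xC4 (DHT), 0xC8 (JPG) and 0xCC (DAC) are not SOFs.
SOF_MARKERS = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}

def jpeg_declared_size(data: bytes) -> tuple:
    """Return (width, height) from the first SOF segment, without decoding pixels."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt marker stream")
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte before a marker
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD7:  # standalone markers, no length
            pos += 2
            continue
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if seg_len < 2:
            raise ValueError("bad segment length")
        if marker in SOF_MARKERS:
            body = data[pos + 4:pos + 2 + seg_len]
            if len(body) < 5:
                raise ValueError("truncated SOF")
            height, width = struct.unpack(">HH", body[1:5])  # body[0] is sample precision
            return width, height
        if marker == 0xDA:  # SOS: compressed data starts and no SOF was seen
            break
        pos += 2 + seg_len
    raise ValueError("no SOF segment found")

def logo_allowed(data: bytes, max_pixels: int = MAX_PIXELS) -> bool:
    """Reject uploads that cannot be parsed or whose declared area exceeds the cap."""
    try:
        width, height = jpeg_declared_size(data)
    except ValueError:
        return False
    return 0 < width * height <= max_pixels

def constructed_header(width: int, height: int) -> bytes:
    """Constructed sample: SOI + APP0 + SOF0 header only, not a decodable image."""
    app0 = b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF\x00" + bytes(9)
    sof0 = b"\xff\xc0" + struct.pack(">HBHHB", 11, 8, height, width, 1) + b"\x01\x11\x00"
    return b"\xff\xd8" + app0 + sof0
```

This block covers JPEG only; other accepted formats need the equivalent check against their own header fields, and the check belongs before the file reaches any resizing or thumbnailing step.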