ReDoS
Tags: regex, payload
Def. “Evil Regex” = regular expression pattern that gets stuck on crafted input => DoS
Vulnerable:
(a+)+
([a-zA-Z]+)*
(a|aa)+
(a|a?)+
(.*a){x} for x > 10
Payload:
aaaaaaaaaaaaaaaaaaaaaaaa!
Online checker: devina.io/redos-checker
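Why the payload hurts, as an added example that is not part of the original page: a toy step counter that models how a backtracking engine handles the nested quantifier in (a+)+ compared with the equivalent a+. It assumes the pattern is applied as a full match (^...$); the function names are made up for this illustration and it is a model, not a real regex engine.

```python
# Added illustration: a model of backtracking, not a real regex engine.
# Assumption: the pattern is used as a full match, i.e. ^(a+)+$.

def steps_nested(text):
    """Count the attempts a backtracking matcher makes for ^(a+)+$."""
    steps = 0

    def group(pos):
        # One iteration of the outer '+': the inner a+ may stop at any
        # position inside the run of 'a' starting at pos (greedy first).
        nonlocal steps
        end = pos
        while end < len(text) and text[end] == "a":
            end += 1
        for stop in range(end, pos, -1):
            steps += 1
            if stop == len(text):      # '$' reached: overall match
                return True
            if group(stop):            # try one more outer iteration
                return True
        return False                   # every split failed: backtrack

    return group(0), steps


def steps_flat(text):
    """Same count for ^a+$, which accepts the same strings without nesting."""
    end = 0
    while end < len(text) and text[end] == "a":
        end += 1
    steps = 0
    for stop in range(end, 0, -1):     # a+ gives back one 'a' at a time
        steps += 1
        if stop == len(text):          # '$' reached: overall match
            return True, steps
    return False, steps


if __name__ == "__main__":
    # Constructed inputs in the shape of the payload: n 'a's, then '!'.
    # The nested form needs 2**n - 1 attempts before failing, the flat form n.
    for n in (4, 8, 12, 16):
        text = "a" * n + "!"
        print(n, steps_nested(text)[1], steps_flat(text)[1])
```

The trailing "!" is what forces the failure path: without it the first greedy attempt matches and neither pattern backtracks.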