ReDoS

regex payload

Def. “Evil Regex” = regular expression pattern that gets stuck on crafted input => DoS

Vulnerable:

(a+)+
([a-zA-Z]+)*
(a|aa)+
(a|a?)+
(.*a){x} for x > 10

Payload:

aaaaaaaaaaaaaaaaaaaaaaaa!

Online checker: devina.io/redos-checker
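
Added example (not from the original page): timing `(a+)+` from the list above on the payload shape, next to a rewrite without the nested quantifier. Assumptions: the pattern is applied as a whole-input validator via `fullmatch()`, `a+` is the chosen rewrite, and all function names are illustrative.

```python
import re
import time
from itertools import product

# "(a+)+" is from the list above; it is applied with fullmatch(), i.e. as a
# whole-input validator (assumption about how the pattern is used).
VULNERABLE = re.compile(r"(a+)+")
# Assumed rewrite: accepts the same strings, but has no nested quantifier.
HARDENED = re.compile(r"a+")


def payload(n):
    """Constructed test input in the page's shape: n 'a' characters, then '!'."""
    return "a" * n + "!"


def match_seconds(pattern, text):
    """Return (elapsed seconds, matched?) for one whole-input match attempt."""
    start = time.perf_counter()
    matched = pattern.fullmatch(text) is not None
    return time.perf_counter() - start, matched


def same_language(max_len=8):
    """True if both patterns accept exactly the same strings over {'a', '!'}."""
    for length in range(max_len + 1):
        for chars in product("a!", repeat=length):
            s = "".join(chars)
            if bool(VULNERABLE.fullmatch(s)) != bool(HARDENED.fullmatch(s)):
                return False
    return True


if __name__ == "__main__":
    assert same_language()  # the rewrite must not change what is accepted
    # Each extra 'a' roughly doubles the work for the vulnerable pattern.
    for n in range(12, 23, 2):
        secs, _ = match_seconds(VULNERABLE, payload(n))
        print(f"(a+)+  n={n:2d}  {secs:.4f}s")
    # The rewrite rejects the same shape in linear time, even when much longer.
    secs, matched = match_seconds(HARDENED, payload(100_000))
    print(f"a+     n=100000  {secs:.4f}s  matched={matched}")
```

Running the same comparison in CI against any validator regex gives a regression check before a pattern change ships.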