ReDoS (Regular Expression Denial of Service)

Last modified: 2023-10-12


ReDoS is an attack that exploits vulnerable regular expressions which are evaluated against arbitrary input, causing the regex engine to consume excessive CPU time.

Evil (Vulnerable) Regex

(.*a){x} for x > 10
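
A defensive check for the nested-quantifier shape listed above, as an added example that is not part of the original page: it walks the pattern's parse tree and reports every repeat that wraps an unbounded repeat. It assumes CPython's internal regex parser module is available, the function names are hypothetical, and the heuristic can over-report.

```python
try:
    from re import _parser as sre_parse  # CPython 3.11+ internal module (assumption)
except ImportError:
    import sre_parse  # same parser on older CPython versions

# Greedy and lazy repeats backtrack; possessive repeats are not counted.
REPEATS = {"MAX_REPEAT", "MIN_REPEAT"}


def _children(op, av):
    """Yield the sub-patterns nested inside one parsed regex node."""
    if op.name in REPEATS or op.name == "POSSESSIVE_REPEAT":
        yield av[2]                      # (min, max, body)
    elif op.name == "SUBPATTERN":
        yield av[-1]                     # (group, add_flags, del_flags, body)
    elif op.name == "BRANCH":
        yield from av[1]                 # (None, [alternatives])
    elif op.name in ("ASSERT", "ASSERT_NOT"):
        yield av[1]                      # (direction, body)
    elif op.name == "ATOMIC_GROUP":
        yield av


def _has_unbounded_repeat(sub):
    """True if a *, + or {n,} repeat occurs anywhere inside sub."""
    for op, av in sub:
        if op.name in REPEATS and av[1] == sre_parse.MAXREPEAT:
            return True
        if any(_has_unbounded_repeat(c) for c in _children(op, av)):
            return True
    return False


def find_nested_quantifiers(pattern):
    """Return (min, max) of each repeat whose body holds an unbounded repeat."""
    hits = []

    def walk(sub):
        for op, av in sub:
            if op.name in REPEATS and av[1] > 1 and _has_unbounded_repeat(av[2]):
                top = "inf" if av[1] == sre_parse.MAXREPEAT else int(av[1])
                hits.append((int(av[0]), top))
            for child in _children(op, av):
                walk(child)

    walk(sre_parse.parse(pattern))
    return hits
```

Run it over the validation patterns in a code base (for example in CI) and review each hit by hand before deciding whether to rewrite the pattern or cap the input length.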


Malicious Input

If a target website validates user input with the vulnerable regex above, we may be able to compromise the target system with the following malicious input: