Regexploit
A regexploit is a poorly built regex that takes a long time to execute, even for small inputs. While the regex itself may provide valid features, its performance may degrade quickly as the size of the input grows, leading to a possible DDoS by keeping the server busy.
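<?php
// Extracting version number.
// Each (.+) can also match the '.' separators, so the engine has many ways to split the input.
preg_match('/(.+)\.(.+)\.(.+)/', $string, $r);
?>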
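A hardened counterpart to the pattern above, as an added example that is not part of the original page. It assumes versions are three dot-separated numbers and that PHP 8 is available (for preg_last_error_msg()); parseVersion() and MAX_VERSION_LENGTH are hypothetical names.

```php
<?php
// Added example: hardened version extraction.
// parseVersion() and MAX_VERSION_LENGTH are hypothetical names chosen for illustration.
const MAX_VERSION_LENGTH = 32; // assumed upper bound for a version string

function parseVersion(string $string): ?array
{
    // Bound the input first, so matching time cannot grow with the size of what was submitted.
    if (strlen($string) > MAX_VERSION_LENGTH) {
        return null;
    }

    // Anchored at both ends, with digit classes that cannot match the '.' separator:
    // every character has exactly one group it can belong to, so there is nothing to backtrack over.
    // The D modifier stops $ from matching before a trailing newline.
    $result = preg_match('/^(\d{1,10})\.(\d{1,10})\.(\d{1,10})$/D', $string, $r);

    if ($result === false) {
        // false is an engine failure (for instance PREG_BACKTRACK_LIMIT_ERROR), not "no match".
        // Treating it as "no match" would hide the fact that a pattern is being stressed.
        throw new RuntimeException('PCRE error: ' . preg_last_error_msg());
    }
    if ($result === 0) {
        return null;
    }

    return [(int) $r[1], (int) $r[2], (int) $r[3]];
}

// Constructed sample inputs.
var_dump(parseVersion('8.2.17'));                      // well-formed version
var_dump(parseVersion(str_repeat('1', 100000) . '.')); // oversized input, stopped by the length check
var_dump(parseVersion("8.2.17\n"));                     // trailing newline
```

Logging the RuntimeException path is worth doing in production: repeated PCRE errors on one endpoint are a useful signal that a pattern is being fed inputs it handles badly.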
See also Regexploit - Put A Stop To Regular Expression DoS Attacks.
Related: Vulnerability, Regular Expression, Distributed Denial Of Service (DDOS)