Is VBScript RegExp object exploitable with a code injection or does it escape special characters?
The VBScript’s RegExp object used in Classic ASP allows one to set a pattern then execute it. If a user provides the search string, is it exploitable for IDS08-J / CWE-625 (Permissive Regex)? Or does the RegExp object sanitize input to … Continue reading Is VBScript RegExp object exploitable with a code injection or does it escape special characters?