Is it safe to pass user input through rails gsub?
Are there risks associated with using gsub on user input? Can it be used for regular expression DoS?
Continue reading Is it safe to pass user input through rails gsub?
OWASP defines “evil regex” (here) as follows:
Evil Regexes
A Regex is called “evil” if it can get stuck on crafted input.
Evil Regex pattern contains:
Grouping with repetition
Inside the repeat… Continue reading Regex DoS: Is OWASP’s characterization of "evil regexes" complete?
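The two shapes in that OWASP definition can be checked mechanically. What follows is an added example, not part of the question or of OWASP's guidance: it walks the parse tree that Python's own `re` module builds (`re._parser`, a private module that was `sre_parse` before 3.11, so node layouts may change between versions) and reports a repetition nested inside a repetition, or an alternation inside a repetition whose branches can start on the same character or match nothing. It is deliberately conservative: it also flags the email regex from the FindBugs question further down this page, even though every iteration there must begin with a literal `\.` that the repeated class cannot match, which is part of why the OWASP characterization is a heuristic rather than a decision procedure.

```python
"""Static check for the two regex shapes OWASP calls "evil".

Added example, not from the question or from OWASP: it walks the parse tree
that Python's own re module builds. That tree comes from a private module
(re._parser, previously sre_parse), so node layouts may change between
Python versions.
"""
try:
    from re import _parser as sre_parse   # Python 3.11+
except ImportError:                        # older Pythons
    import sre_parse

REPEATS = (sre_parse.MAX_REPEAT, sre_parse.MIN_REPEAT)

# The regex from the FindBugs question further down this page.
EMAIL_REGEX = (r"^[\w!#$%&'*+/=?`{|}~^-]+(?:\.[\w!#$%&'*+/=?`{|}~^-]+)*"
               r"@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$")


def _children(op, arg):
    """Yield the sub-patterns nested directly inside one parse node."""
    if op in REPEATS:
        yield arg[2]              # (min, max, body)
    elif op == sre_parse.SUBPATTERN:
        yield arg[-1]             # (group, add_flags, del_flags, body)
    elif op == sre_parse.BRANCH:
        yield from arg[1]         # (None, [alternative, ...])
    elif op in (sre_parse.ASSERT, sre_parse.ASSERT_NOT):
        yield arg[1]              # (direction, body)


def _first_chars(alt):
    """Code points an alternative can start with, or None when that is
    unknown (a nested construct) or the alternative can match nothing."""
    if len(alt) == 0:
        return None
    op, arg = alt[0]
    if op == sre_parse.LITERAL:
        return {arg}
    if op == sre_parse.IN:
        chars = set()
        for kind, val in arg:
            if kind == sre_parse.LITERAL:
                chars.add(val)
            elif kind == sre_parse.RANGE:
                chars.update(range(val[0], val[1] + 1))
            else:                 # NEGATE or a category such as \w: give up
                return None
        return chars
    return None


def _overlapping(alternatives):
    """True if two branches could start on the same character, or if any
    branch is empty or unknown. Conservative: may flag harmless patterns."""
    seen = set()
    for alt in alternatives:
        first = _first_chars(alt)
        if first is None or first & seen:
            return True
        seen |= first
    return False


def evil_shapes(pattern):
    """Return the OWASP shapes found in `pattern`, in parse order."""
    findings = []

    def walk(node, inside_repeat):
        for op, arg in node:
            repeats = op in REPEATS and arg[1] > 1     # x? cannot explode
            if repeats and inside_repeat:
                findings.append("nested repetition")
            if op == sre_parse.BRANCH and inside_repeat and _overlapping(arg[1]):
                findings.append("overlapping alternation inside repetition")
            for child in _children(op, arg):
                walk(child, inside_repeat or repeats)

    walk(sre_parse.parse(pattern), False)
    return findings
```

Run it over the patterns in this thread: `(a+)+$` and OWASP's `^(\w+\s?)*$` come back as nested repetition, `(a|aa)+` as overlapping alternation, while `(ab|cd)+` and a flat email check such as `^[a-z]+@[a-z]+\.[a-z]{2,6}$` produce nothing. Note that Python's parser already folds `a|aa` into `a(?:|a)` and `a|b` into `[ab]` before the walker sees them, which is why the empty-branch case has to count as overlap.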
$filename = $_GET['filename'];
if(preg_match("/[^a-z\.]/", $filename) == 1) {
echo "Hacker";
die();
}
It can only include a file for this topic, but this file contains numbers. It has to be byp… Continue reading Please help me understand this PHP hack, how can I bypass this re
Some context
I’m currently building an application which lets users set up dynamic queries they can execute later. A great addition to this seems like a regex module, in which users can filter based on a given regular expr… Continue reading What is the risk of allowing user input in Python’s ‘re’ module
I am trying to run sqlmap in order to find a flag for a CTF. The injection string is sent via a POST request in the parameter called search. The response is received as either 1, 2, or 3 (error codes), or flag{flag_name} (suc… Continue reading Boolean blind SQLi with sqlmap
We are happy to announce the release of CapLoader 1.8 today! CapLoader is primarily used to filter, slice and dice large PCAP datasets into smaller ones. This new version contains several new features that improve this filtering functionality even fur… Continue reading CapLoader 1.8 Released
I want to create some functionality for non-dangerous regexes.
I want to accept only very few regex cases where it is safe to assume that they are not malicious (but still giving the user some flexibility).
Is this possible avoiding the [(+… Continue reading Can a Regex without characters [(+*{}? be dangerous?
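For both the question about user-controlled patterns in Python's `re` and the one about patterns without `[(+*{}?`, the quantity that matters is how much backtracking work a pattern and an input can cause together. Python's `re` offers no way to cap that work; PHP's PCRE has `pcre.backtrack_limit` and Ruby 3.2+ has `Regexp.timeout`, which are the controls the `gsub` question at the top of this page would turn on. The block below is an added example, not code from any of the questions: a naive backtracking matcher that interprets the private `re._parser` tree for a subset of the syntax (literals, `.`, character classes and the digit/word/space shorthands, groups, alternation, greedy quantifiers, `^` and `$`), counts every node it visits, and raises once a caller-supplied budget is exceeded. The step counts are this toy's, not the real engine's, but the growth rates carry over: `(a+)+$` roughly doubles per added character, a quantifier-free pattern stays near `len(text) * len(pattern)`, and the email regex from the FindBugs question further down stays linear on a dot-separated input despite its nested quantifiers.

```python
"""Naive backtracking matcher with a step budget.

Added example, not code from any question on this page. It interprets the
parse tree that Python's private re._parser module builds for a subset of
the regex syntax and counts every node visit, so the numbers it reports are
this toy's, not those of the real re engine (which has no such limit).
"""
import sys

try:
    from re import _parser as sre_parse   # Python 3.11+
except ImportError:
    import sre_parse

# Continuation-passing recursion gets deep on long inputs.
sys.setrecursionlimit(max(sys.getrecursionlimit(), 5_000))

# The regex from the FindBugs question further down this page.
EMAIL_REGEX = (r"^[\w!#$%&'*+/=?`{|}~^-]+(?:\.[\w!#$%&'*+/=?`{|}~^-]+)*"
               r"@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$")


class StepBudgetExceeded(Exception):
    """The matcher did more work than the caller allowed."""


def _in_class(items, ch):
    """Membership test for a [...] class or a digit/word/space shorthand."""
    negate, hit = False, False
    for kind, val in items:
        if kind == sre_parse.NEGATE:
            negate = True
        elif kind == sre_parse.LITERAL:
            hit |= ord(ch) == val
        elif kind == sre_parse.RANGE:
            hit |= val[0] <= ord(ch) <= val[1]
        elif kind == sre_parse.CATEGORY and val == sre_parse.CATEGORY_DIGIT:
            hit |= ch.isdigit()
        elif kind == sre_parse.CATEGORY and val == sre_parse.CATEGORY_WORD:
            hit |= ch.isalnum() or ch == "_"
        elif kind == sre_parse.CATEGORY and val == sre_parse.CATEGORY_SPACE:
            hit |= ch.isspace()
        else:
            raise NotImplementedError(kind)
    return hit != negate


def search(pattern, text, budget=1_000_000):
    """Return (matched, steps); raise StepBudgetExceeded past `budget`."""
    tree = sre_parse.parse(pattern)
    steps = 0

    def node(op, arg, i, k):
        """Match one parse node at text[i:], then call continuation k."""
        nonlocal steps
        steps += 1
        if steps > budget:
            raise StepBudgetExceeded(f"gave up after {steps} steps")
        if op == sre_parse.LITERAL:
            return i < len(text) and ord(text[i]) == arg and k(i + 1)
        if op == sre_parse.ANY:
            return i < len(text) and text[i] != "\n" and k(i + 1)
        if op == sre_parse.IN:
            return i < len(text) and _in_class(arg, text[i]) and k(i + 1)
        if op == sre_parse.AT:            # ^ and $ without MULTILINE semantics
            if arg in (sre_parse.AT_BEGINNING, sre_parse.AT_BEGINNING_STRING):
                return i == 0 and k(i)
            if arg in (sre_parse.AT_END, sre_parse.AT_END_STRING):
                return i == len(text) and k(i)
            raise NotImplementedError(arg)
        if op == sre_parse.SUBPATTERN:    # (...) or (?:...): just the body
            return seq(arg[-1], i, k)
        if op == sre_parse.BRANCH:        # a|b: try each alternative in order
            return any(seq(alt, i, k) for alt in arg[1])
        if op == sre_parse.MAX_REPEAT:    # greedy x*, x+, x?, x{m,n}
            lo, hi, body = arg

            def rep(n, j):
                # Try one more iteration first (refusing empty ones), then
                # fall back to stopping here if the minimum is satisfied.
                if n < hi and seq(body, j, lambda j2: j2 != j and rep(n + 1, j2)):
                    return True
                return n >= lo and k(j)

            return rep(0, i)
        raise NotImplementedError(op)     # lazy/possessive quantifiers, etc.

    def seq(items, i, k):
        """Match a sequence of nodes left to right."""
        if len(items) == 0:
            return k(i)
        op, arg = items[0]
        return node(op, arg, i, lambda j: seq(items[1:], j, k))

    for start in range(len(text) + 1):    # unanchored search, like re.search
        if seq(tree, start, lambda j: True):
            return True, steps
    return False, steps


def exceeds_budget(pattern, text, budget):
    """True if matching `pattern` against `text` needs more than `budget` steps."""
    try:
        search(pattern, text, budget)
    except StepBudgetExceeded:
        return True
    return False
```

A typical session: `search(r"a+$", "a" * 12 + "b")` finishes in under 200 steps, `search(r"(a+)+$", "a" * 12 + "b")` takes tens of thousands and each extra `a` roughly doubles that, and `exceeds_budget(r"(a+)+$", "a" * 20 + "b", 200_000)` is True. Feeding `EMAIL_REGEX` a long `abc.abc.abc...` string with no `@` stays in the low hundreds of steps, which is the difference between a syntactic "nested quantifier" warning and an actual blow-up.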
I want to create an XSS filter for my own project; this is for HTML event filtering:
preg_replace("/ on\w+='[^']*'/i", '', preg_replace('/ on\w+="[^"]*"/i', '', $framed));
but considering a more effective way, I would thin… Continue reading How to filter HTML Event in Native PHP7
FindBugs flagged the following email address validation regex as vulnerable to DoS:
^[\w!#$%&'*+/=?`{|}~^-]+(?:\.[\w!#$%&'*+/=?`{|}~^-]+)*@(?:[a-zA-Z0-9-]+\.)+[a-zA-Z]{2,6}$
Here’s an easier to read version that su… Continue reading Is this regular expression vulnerable to DoS?