Hi! I'm a pentester and a bug bounty hunter who's learning every day and sharing useful resources as I move along. Subscribe to my channel because I'll be sharing my knowledge in new videos regularly.
SIGN UP ON SNYK:
https://snyk.co/farah
BUY ME A COFFEE:
https://www.buymeacoffee.com/farahhawa
SOCIAL MEDIA:
Follow me on Twitter: https://twitter.com/farah_hawaa
Follow me on Instagram: https://instagram.com/farah_hawaa
Connect with me on LinkedIn: https://www.linkedin.com/in/farah-hawa-a012b8162/
TIME STAMPS:
00:00 Introduction
00:10 A message from Snyk
00:33 What is a regular expression?
01:04 Simple RegEx example
01:55 How does a RegEx work?
04:03 Lab Demo
05:33 Exploitation
07:39 Fixing the bug using Snyk
GITHUB REPOSITORY FOR THE VULNERABLE APP:
https://github.com/snyk/goof
RESOURCES FOR ReDOS:
https://snyk.io/vuln/npm:ms:20151024
https://blog.mzfr.me/posts/2020-11-07-exported-activities/
https://snyk.io/blog/redos-vulnerabilities-in-npm-spikes-by-143-and-xss-continues-to-grow/
https://snyk.io/blog/redos-and-catastrophic-backtracking/
https://owasp.org/www-community/attacks/Regular_expression_Denial_of_Service_-_ReDoS
https://hackerone.com/reports/1000567