NodeJS - DoS Regex

Running the app on Docker

$ sudo docker pull blabla1337/owasp-skf-lab:js-dos-regex
$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:js-dos-regex

Now that the app is running let's go hacking!

Reconnaissance

Step 1

This application verifies whether the input from the user is a valid email or not, using a regex.

If we insert a valid email and verify it by clicking the button "Verify my email", the application replies with "Matched".

If the email is not in the format user@domain.tld, the app returns "Not Matched".

The application uses the following regex to identify a valid email:

const re =
  /^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@{1}([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$/;

The regex engine tries every possible combination of the pattern against the text. The username can contain letters and numbers together with one or more - (dash) or . (dot) characters; the domain can contain letters and numbers together with one or more - (dash) characters.

In order to identify a possible DoS we can manipulate the input by increasing its length.

Step 2

Let's use Burp to see if we can trigger the app to "think" longer than usual when our input grows in size.

We first send a normal request and monitor the response time in ms.

If we increase the length of our payload we can see that the response time increases, from 2ms to 33ms:

Something is happening !!!

Let's increase the length of the payload even more. From 28 characters, we send 35. The response arrives in 3291ms. As we can see, the TTR (Time To Respond) increases exponentially.

Exploitation

We want to exploit this problem to create a DoS (Denial of Service) and make the app unavailable.

We send a long string like

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

and wait till the app crashes or exhausts all the resources.

Additional sources

DoS Regex

Regular expression Denial of Service - ReDoS | OWASP Foundation (owasp.org)

Java - DoS Regex

Running the app on Docker

$ sudo docker pull blabla1337/owasp-skf-lab:java-dos-regex
$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:java-dos-regex

Now that the app is running let's go hacking!

Reconnaissance

Step 1

This application verifies whether the input from the user is a valid email or not, using a regex.

If we insert a valid email and verify it by clicking the button "Verify my email", the application replies with "Matched".

If the email is not in the format user@domain.tld, the app returns "Not Matched".

The application uses the following regex to identify a valid email:

Pattern pattern = Pattern.compile("^([0-9a-zA-Z]([-.\\w]*[0-9a-zA-Z])*@{1}([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$", Pattern.CASE_INSENSITIVE);

The regex engine tries every possible combination of the pattern against the text. The username can contain letters and numbers together with one or more - (dash) or . (dot) characters; the domain can contain letters and numbers together with one or more - (dash) characters.

In order to identify a possible DoS we can manipulate the input by increasing its length.

Step 2

Let's use Burp to see if we can trigger the app to "think" longer than usual when our input grows in size.

We first send a normal request and monitor the response time in ms.

If we increase the length of our payload we can see that the response time increases, from 8ms to 49ms:

Something is happening !!!

Let's increase the length of the payload even more. The response arrives in 2760ms. As we can see, the TTR (Time To Respond) increases exponentially.

Exploitation

We want to exploit this problem to create a DoS (Denial of Service) and make the app unavailable.

We now send a very long string and wait till the app crashes or exhausts all the resources.

Additional sources

Regular expression Denial of Service - ReDoS | OWASP Foundation (owasp.org)

Python - DoS Regex

Running the app on Docker

$ sudo docker pull blabla1337/owasp-skf-lab:dos-regex
$ sudo docker run -ti -p 127.0.0.1:5000:5000 blabla1337/owasp-skf-lab:dos-regex

Now that the app is running let's go hacking!

Reconnaissance

Step 1

This application verifies whether the input from the user is a valid email or not, using a regex.

If we insert a valid email and verify it by clicking the button "Verify my email", the application replies with "Matched".

If the email is not in the format user@domain.tld, the app returns "Not Matched".

The application uses the following regex to identify a valid email:

match = re.search(r"^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@{1}([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$", str(email))

The regex engine tries every possible combination of the pattern against the text. The username can contain letters and numbers together with one or more - (dash) or . (dot) characters; the domain can contain letters and numbers together with one or more - (dash) characters.

In order to identify a possible DoS we can manipulate the input by increasing its length.

Step 2

Let's use Burp to see if we can trigger the app to "think" longer than usual when our input grows in size.

We first send a normal request and monitor the response time in ms.

If we increase the length of our payload we can see that the response time increases, from 1ms to 11ms:

Something is happening !!!

Let's increase the length of the payload even more. From 19 characters, we send 25. The response arrives in 1667ms. As we can see, the TTR (Time To Respond) increases exponentially.

Exploitation

We want to exploit this problem to create a DoS (Denial of Service) and make the app unavailable.

We send a long string like

aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa

and wait till the app crashes or exhausts all the resources.

Additional sources

OWASP Foundation, the Open Source Foundation for Application Security | OWASP Foundation (www.owasp.org)
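The NodeJS, Java and Python labs above all use the same email pattern, so one added example serves all three; it is not part of the SKF lab code. It times the lab's own regex against a hardened rewrite (this example's assumption, not the lab's fix) on constructed letter-only payloads of growing length, and wraps the safe pattern in a validator that caps the input length before matching.

```python
import re
import time

# The lab's own pattern (vulnerable). The nested quantifier ([-.\w]*[0-9a-zA-Z])*
# lets the engine split a run of letters in 2^(n-1) different ways, and it tries
# every one of them before giving up when the '@' never arrives.
VULNERABLE = re.compile(
    r"^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])*@{1}([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$"
)

# Hardened rewrite (this example's assumption, not the lab's fix): \w already
# contains [0-9a-zA-Z], so "(X*Y)*" with Y inside X accepts exactly the same
# strings as "(X*Y)?". Dropping the outer star removes the ambiguity, so the
# engine no longer has an exponential number of ways to split the input.
HARDENED = re.compile(
    r"^([0-9a-zA-Z]([-.\w]*[0-9a-zA-Z])?@([0-9a-zA-Z][-\w]*[0-9a-zA-Z]\.)+[a-zA-Z]{2,9})$"
)
MAX_EMAIL_LEN = 254  # RFC 5321 limit; oversize input is rejected before matching


def is_valid_email(email: str) -> bool:
    """Defensive validator: cheap length check first, then the safe pattern."""
    if len(email) > MAX_EMAIL_LEN:
        return False
    return HARDENED.search(email) is not None


def match_time_ms(pattern: re.Pattern, text: str) -> float:
    """Milliseconds one search takes, i.e. what Burp reports as response time."""
    start = time.perf_counter()
    pattern.search(text)
    return (time.perf_counter() - start) * 1000.0


if __name__ == "__main__":
    # Constructed payloads: only letters, no '@', so the match has to fail.
    for n in (10, 14, 18, 22):
        payload = "a" * n
        print(f"{n:2d} chars: vulnerable={match_time_ms(VULNERABLE, payload):8.1f} ms"
              f"  hardened={match_time_ms(HARDENED, payload):.3f} ms")
```

Both patterns accept and reject the same addresses; only the time they take to reject a letter-only payload differs, which is the whole ReDoS problem.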