Target application included a username field restricted by a frontend regex filter (/^[a-zA-Z0-9]{1,20}$/), designed to accept only alphanumeric characters. While this initially appeared robust, the researcher discovered that the backend failed to revalidate inputs after the regex check. This oversight allowed specially crafted payloads to bypass client-side controls and execute arbitrary commands on the server. […]

The post Researcher Exploits Regex Filter Flaw to Gain Remote Code Execution appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/researcher-exploits-regex-filter-flaw/