📄 Soosyze CMS 2.0 Rate Limit Scanner_PACKETSTORM:215963

Description

Soosyze CMS 2.0 suffers from a missing authentication rate‑limiting vulnerability CWE‑307 on the /user/login endpoint. The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or...

Visit Original Source

Basic Information

ID PACKETSTORM:215963

Published Feb 20, 2026 at 00:00

Affected Product

Affected Versions =============================================================================================================================================
| # Title : Soosyze CMS 2.0 - Vulnerability Scanner |
| # Author : indoushka |
| # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits) |
| # Vendor : https://github.com/soosyze/soosyze |
=============================================================================================================================================

[+] Summary : Soosyze CMS 2.0 suffers from a missing authentication rate‑limiting vulnerability (CWE‑307) on the /user/login endpoint.
The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or CAPTCHA.
The provided automatic detection script (PHP) safely verifies this weakness by sending a small number of controlled failed login attempts and analyzing HTTP responses.
If responses remain consistent (e.g., HTTP 200 with no delay or blocking), the target is flagged as vulnerable, confirming the absence of defensive controls.

[+] Impact: Enables brute-force and credential‑stuffing attacks, potentially leading to account takeover and privilege escalation.

[+] POC: php poc.php

<?php

declare(strict_types=1);

error_reporting(E_ALL);
ini_set('display_errors', '1');

$baseUrl = $argv[1] ?? 'http://localhost:8000';
$loginPath = '/user/login';
$formUrl = rtrim($baseUrl, '/') . $loginPath;

$testEmail = '[email protected]';
$testPass = 'WrongPassword123!';

$attempts = 7;
$delayUs = 300000;

$cookieFile = tempnam(sys_get_temp_dir(), 'soosyze_scan_');

function curlReq(string $url, array $opts = []): array
{
$ch = curl_init($url);
curl_setopt_array($ch, [
CURLOPT_RETURNTRANSFER => true,
CURLOPT_HEADER => true,
CURLOPT_FOLLOWLOCATION => false,
CURLOPT_SSL_VERIFYPEER => false,
CURLOPT_SSL_VERIFYHOST => false,
] + $opts);

$response = curl_exec($ch);
$info = curl_getinfo($ch);
curl_close($ch);

return [$response ?: '', $info];
}

function extractToken(string $html): array
{
if (preg_match(
'/name="([_a-zA-Z0-9:-]*(csrf|token)[_a-zA-Z0-9:-]*)".*?value="([^"]*)"/i',
$html,
$m
)) {
return [$m[1], $m[3]];
}
return ['', ''];
}

echo "[*] Soosyze CMS Brute Force Vulnerability Detector\n";
echo "[*] Target: {$formUrl}\n\n";

$codes = [];

for ($i = 1; $i <= $attempts; $i++) {

[$page, ] = curlReq($formUrl, [
CURLOPT_COOKIEJAR => $cookieFile,
CURLOPT_COOKIEFILE => $cookieFile
]);

[$tokenName, $tokenValue] = extractToken($page);

$postData = [
'email' => $testEmail,
'password' => $testPass
];

if ($tokenName) {
$postData[$tokenName] = $tokenValue;
}

[, $info] = curlReq($formUrl, [
CURLOPT_POST => true,
CURLOPT_POSTFIELDS => http_build_query($postData),
CURLOPT_COOKIEJAR => $cookieFile,
CURLOPT_COOKIEFILE => $cookieFile,
CURLOPT_HTTPHEADER => [
'Content-Type: application/x-www-form-urlencoded',
'Referer: ' . $formUrl
]
]);

$code = $info['http_code'] ?? 0;
$codes[] = $code;

echo "[{$i}] Failed login attempt - HTTP {$code}\n";
usleep($delayUs);
}

@unlink($cookieFile);

$uniqueCodes = array_unique($codes);

echo "\n[*] Analysis:\n";

if (count($uniqueCodes) === 1 && in_array(200, $uniqueCodes, true)) {
echo "[!] VULNERABLE: No rate limiting or lockout detected\n";
echo "[!] CWE-307 confirmed\n";
} else {
echo "[+] Protection detected (rate limiting / lockout / anomaly)\n";
}

echo "\n[*] Scan completed\n";

Greetings to :=====================================================================================
jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|
===================================================================================================

{
    "lastseen": "2026-02-20T22:59:54",
    "description": "Soosyze CMS 2.0 suffers from a missing authentication rate\u2011limiting vulnerability CWE\u2011307 on the /user/login endpoint. The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or...",
    "published": "2026-02-20T00:00:00",
    "modified": "2026-02-20T00:00:00",
    "type": "packetstorm",
    "title": "\ud83d\udcc4 Soosyze CMS 2.0 Rate Limit Scanner",
    "source": "",
    "references": "",
    "id": "PACKETSTORM:215963",
    "bulletinFamily": "exploit",
    "cwe": null,
    "cvelist": [],
    "sourceData": "=============================================================================================================================================\n    | # Title     : Soosyze CMS 2.0 - Vulnerability Scanner                                                                                     |\n    | # Author    : indoushka                                                                                                                   |\n    | # Tested on : windows 11 Fr(Pro) / browser : Mozilla firefox 147.0.1 (64 bits)                                                            |\n    | # Vendor    : https://github.com/soosyze/soosyze                                                                                          |\n    =============================================================================================================================================\n    \n    [+] Summary    : Soosyze CMS 2.0 suffers from a missing authentication rate\u2011limiting vulnerability (CWE\u2011307) on the /user/login endpoint. \n                     The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or CAPTCHA.\n                     The provided automatic detection script (PHP) safely verifies this weakness by sending a small number of controlled failed login attempts and analyzing HTTP responses. \n    \t\t\t\t If responses remain consistent (e.g., HTTP 200 with no delay or blocking), the target is flagged as vulnerable, confirming the absence of defensive controls.\n    \n    [+] Impact: Enables brute-force and credential\u2011stuffing attacks, potentially leading to account takeover and privilege escalation.\n    \n    [+] POC:  php poc.php \n    \n    <?php\n    \n    declare(strict_types=1);\n    \n    error_reporting(E_ALL);\n    ini_set('display_errors', '1');\n    \n    $baseUrl    = $argv[1] ?? 'http://localhost:8000';\n    $loginPath = '/user/login';\n    $formUrl   = rtrim($baseUrl, '/') . $loginPath;\n    \n    $testEmail = '[email protected]';\n    $testPass  = 'WrongPassword123!';\n    \n    $attempts  = 7; \n    $delayUs   = 300000;\n    \n    $cookieFile = tempnam(sys_get_temp_dir(), 'soosyze_scan_');\n    \n    function curlReq(string $url, array $opts = []): array\n    {\n        $ch = curl_init($url);\n        curl_setopt_array($ch, [\n            CURLOPT_RETURNTRANSFER => true,\n            CURLOPT_HEADER => true,\n            CURLOPT_FOLLOWLOCATION => false,\n            CURLOPT_SSL_VERIFYPEER => false,\n            CURLOPT_SSL_VERIFYHOST => false,\n        ] + $opts);\n    \n        $response = curl_exec($ch);\n        $info = curl_getinfo($ch);\n        curl_close($ch);\n    \n        return [$response ?: '', $info];\n    }\n    \n    function extractToken(string $html): array\n    {\n        if (preg_match(\n            '/name=\"([_a-zA-Z0-9:-]*(csrf|token)[_a-zA-Z0-9:-]*)\".*?value=\"([^\"]*)\"/i',\n            $html,\n            $m\n        )) {\n            return [$m[1], $m[3]];\n        }\n        return ['', ''];\n    }\n    \n    echo \"[*] Soosyze CMS Brute Force Vulnerability Detector\\n\";\n    echo \"[*] Target: {$formUrl}\\n\\n\";\n    \n    $codes = [];\n    \n    for ($i = 1; $i <= $attempts; $i++) {\n    \n        [$page, ] = curlReq($formUrl, [\n            CURLOPT_COOKIEJAR => $cookieFile,\n            CURLOPT_COOKIEFILE => $cookieFile\n        ]);\n    \n        [$tokenName, $tokenValue] = extractToken($page);\n    \n        $postData = [\n            'email'    => $testEmail,\n            'password' => $testPass\n        ];\n    \n        if ($tokenName) {\n            $postData[$tokenName] = $tokenValue;\n        }\n    \n        [, $info] = curlReq($formUrl, [\n            CURLOPT_POST => true,\n            CURLOPT_POSTFIELDS => http_build_query($postData),\n            CURLOPT_COOKIEJAR => $cookieFile,\n            CURLOPT_COOKIEFILE => $cookieFile,\n            CURLOPT_HTTPHEADER => [\n                'Content-Type: application/x-www-form-urlencoded',\n                'Referer: ' . $formUrl\n            ]\n        ]);\n    \n        $code = $info['http_code'] ?? 0;\n        $codes[] = $code;\n    \n        echo \"[{$i}] Failed login attempt - HTTP {$code}\\n\";\n        usleep($delayUs);\n    }\n    \n    @unlink($cookieFile);\n    \n    \n    $uniqueCodes = array_unique($codes);\n    \n    echo \"\\n[*] Analysis:\\n\";\n    \n    if (count($uniqueCodes) === 1 && in_array(200, $uniqueCodes, true)) {\n        echo \"[!] VULNERABLE: No rate limiting or lockout detected\\n\";\n        echo \"[!] CWE-307 confirmed\\n\";\n    } else {\n        echo \"[+] Protection detected (rate limiting / lockout / anomaly)\\n\";\n    }\n    \n    echo \"\\n[*] Scan completed\\n\";\n    \n    \n    Greetings to :=====================================================================================\n    jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\n    ===================================================================================================",
    "sourceHref": "https://packetstorm.news/download/215963",
    "cvss": {
        "score": 0,
        "severity": "NONE",
        "vector": "NONE",
        "version": "NONE"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "https://packetstorm.news/files/id/215963/",
    "category_name": "Exploit",
    "post_link": "",
    "product": "",
    "version": "",
    "vendor": "",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

Description

Basic Information

Affected Product

💭 Join the Security Discussion ❌ Cancel Reply