{“lastseen”:”2026-02-20T22:59:54″,”description”:”Soosyze CMS 2.0 suffers from a missing authentication rate\u2011limiting vulnerability CWE\u2011307 on the \/user\/login endpoint. The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or…”,”published”:”2026-02-20T00:00:00″,”modified”:”2026-02-20T00:00:00″,”type”:”packetstorm”,”title”:”\ud83d\udcc4 Soosyze CMS 2.0 Rate Limit Scanner”,”source”:””,”references”:””,”id”:”PACKETSTORM:215963″,”bulletinFamily”:”exploit”,”cwe”:null,”cvelist”:[],”sourceData”:”=============================================================================================================================================\\n | # Title : Soosyze CMS 2.0 – Vulnerability Scanner |\\n | # Author : indoushka |\\n | # Tested on : windows 11 Fr(Pro) \/ browser : Mozilla firefox 147.0.1 (64 bits) |\\n | # Vendor : https:\/\/github.com\/soosyze\/soosyze |\\n =============================================================================================================================================\\n \\n [+] Summary : Soosyze CMS 2.0 suffers from a missing authentication rate\u2011limiting vulnerability (CWE\u2011307) on the \/user\/login endpoint. \\n The application allows unlimited failed login attempts without triggering protections such as rate limiting, account lockout, or CAPTCHA.\\n The provided automatic detection script (PHP) safely verifies this weakness by sending a small number of controlled failed login attempts and analyzing HTTP responses. \\n \\t\\t\\t\\t If responses remain consistent (e.g., HTTP 200 with no delay or blocking), the target is flagged as vulnerable, confirming the absence of defensive controls.\\n \\n [+] Impact: Enables brute-force and credential\u2011stuffing attacks, potentially leading to account takeover and privilege escalation.\\n \\n [+] POC: php poc.php \\n \\n \\u003c?php\\n \\n declare(strict_types=1);\\n \\n error_reporting(E_ALL);\\n ini_set(‘display_errors’, ‘1’);\\n \\n $baseUrl = $argv[1] ?? ‘http:\/\/localhost:8000’;\\n $loginPath = ‘\/user\/login’;\\n $formUrl = rtrim($baseUrl, ‘\/’) . $loginPath;\\n \\n $testEmail = ‘invalid@test.com’;\\n $testPass = ‘WrongPassword123!’;\\n \\n $attempts = 7; \\n $delayUs = 300000;\\n \\n $cookieFile = tempnam(sys_get_temp_dir(), ‘soosyze_scan_’);\\n \\n function curlReq(string $url, array $opts = []): array\\n {\\n $ch = curl_init($url);\\n curl_setopt_array($ch, [\\n CURLOPT_RETURNTRANSFER =\\u003e true,\\n CURLOPT_HEADER =\\u003e true,\\n CURLOPT_FOLLOWLOCATION =\\u003e false,\\n CURLOPT_SSL_VERIFYPEER =\\u003e false,\\n CURLOPT_SSL_VERIFYHOST =\\u003e false,\\n ] + $opts);\\n \\n $response = curl_exec($ch);\\n $info = curl_getinfo($ch);\\n curl_close($ch);\\n \\n return [$response ?: ”, $info];\\n }\\n \\n function extractToken(string $html): array\\n {\\n if (preg_match(\\n ‘\/name=\\”([_a-zA-Z0-9:-]*(csrf|token)[_a-zA-Z0-9:-]*)\\”.*?value=\\”([^\\”]*)\\”\/i’,\\n $html,\\n $m\\n )) {\\n return [$m[1], $m[3]];\\n }\\n return [”, ”];\\n }\\n \\n echo \\”[*] Soosyze CMS Brute Force Vulnerability Detector\\\\n\\”;\\n echo \\”[*] Target: {$formUrl}\\\\n\\\\n\\”;\\n \\n $codes = [];\\n \\n for ($i = 1; $i \\u003c= $attempts; $i++) {\\n \\n [$page, ] = curlReq($formUrl, [\\n CURLOPT_COOKIEJAR =\\u003e $cookieFile,\\n CURLOPT_COOKIEFILE =\\u003e $cookieFile\\n ]);\\n \\n [$tokenName, $tokenValue] = extractToken($page);\\n \\n $postData = [\\n ’email’ =\\u003e $testEmail,\\n ‘password’ =\\u003e $testPass\\n ];\\n \\n if ($tokenName) {\\n $postData[$tokenName] = $tokenValue;\\n }\\n \\n [, $info] = curlReq($formUrl, [\\n CURLOPT_POST =\\u003e true,\\n CURLOPT_POSTFIELDS =\\u003e http_build_query($postData),\\n CURLOPT_COOKIEJAR =\\u003e $cookieFile,\\n CURLOPT_COOKIEFILE =\\u003e $cookieFile,\\n CURLOPT_HTTPHEADER =\\u003e [\\n ‘Content-Type: application\/x-www-form-urlencoded’,\\n ‘Referer: ‘ . $formUrl\\n ]\\n ]);\\n \\n $code = $info[‘http_code’] ?? 0;\\n $codes[] = $code;\\n \\n echo \\”[{$i}] Failed login attempt – HTTP {$code}\\\\n\\”;\\n usleep($delayUs);\\n }\\n \\n @unlink($cookieFile);\\n \\n \\n $uniqueCodes = array_unique($codes);\\n \\n echo \\”\\\\n[*] Analysis:\\\\n\\”;\\n \\n if (count($uniqueCodes) === 1 \\u0026\\u0026 in_array(200, $uniqueCodes, true)) {\\n echo \\”[!] VULNERABLE: No rate limiting or lockout detected\\\\n\\”;\\n echo \\”[!] CWE-307 confirmed\\\\n\\”;\\n } else {\\n echo \\”[+] Protection detected (rate limiting \/ lockout \/ anomaly)\\\\n\\”;\\n }\\n \\n echo \\”\\\\n[*] Scan completed\\\\n\\”;\\n \\n \\n Greetings to :=====================================================================================\\n jericho * Larry W. Cashdollar * LiquidWorm * Hussin-X * D4NB4R * Malvuln (John Page aka hyp3rlinx)|\\n ===================================================================================================”,”sourceHref”:”https:\/\/packetstorm.news\/download\/215963″,”cvss”:{“score”:0,”severity”:”NONE”,”vector”:”NONE”,”version”:”NONE”},”cvss2″:{},”cvss3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””,”cvssV3″:{“version”:””,”vectorString”:””,”baseScore”:0,”baseSeverity”:””,”attackVector”:””,”attackComplexity”:””,”privilegesRequired”:””,”userInteraction”:””,”scope”:””,”confidentialityImpact”:””,”integrityImpact”:””,”availabilityImpact”:””}},”href”:”https:\/\/packetstorm.news\/files\/id\/215963\/”,”category_name”:”Exploit”,”post_link”:””,”product”:””,”version”:””,”vendor”:””,”ai_description”:””,”ai_severity”:””,”ai_vendor”:””,”ai_product”:””,”ai_version”:””,”ai_score”:0}<\/p>\n","protected":false},"excerpt":{"rendered":"
{“lastseen”:”2026-02-20T22:59:54″,”description”:”Soosyze CMS 2.0 suffers from a missing authentication rate\u2011limiting vulnerability CWE\u2011307 on the \/user\/login endpoint. The application allows unlimited failed login attempts without triggering protections…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[6,8,12,13,33,53,7,11,5],"class_list":["post-42061","post","type-post","status-publish","format-standard","hentry","category-category_exploit","tag-cve","tag-cvss","tag-exploit","tag-news","tag-none","tag-packetstorm","tag-security","tag-tapic","tag-vulnerability"],"yoast_head":"\n