SecList for CyberStudents
Think outside the box
import requests

# Define the URLs for the login, 2FA process, and dashboard
login_url = 'https://mfa.thm/labs/third/'
otp_url = 'https://mfa.thm/labs/third/mfa'
dashboard_url = 'https://mfa.thm/labs/third/dashboard'

# Define login credentials
credentials =…
Rate-Limiting and Lockout Policies

To prevent attackers from repeatedly attempting to bypass 2FA, the application may have rate-limiting or lockout mechanisms in place that trigger after a set number of failed attempts, reverting the user to the initial login step.

Security-Driven Redirection

Some applications are designed to redirect users back to the login page after multiple failed 2FA attempts as an additional security measure, ensuring that the user's credentials are revalidated before allowing another 2FA attempt.

Manually creating an automation script for the attack offers more flexibility than using a single tool like ZAP or Burp Suite. You can customize your scripts to test specific scenarios, such as using different IP addresses or user agents or varying the timing between requests.

Recommendation from TryHackMe

#tryhackme #OTP #bypass #bugbounty
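As an added illustration of the lockout and security-driven redirection mechanisms described in the post above (this is not code from TryHackMe or from the channel), a minimal server-side second-factor step in Python; the state names, the attempt limit, the lockout duration and the fixed expected code are assumed values chosen for the demo:

```python
import hmac
import time
MAX_OTP_ATTEMPTS = 3    # wrong codes tolerated before the session is reset (assumed)
LOCKOUT_SECONDS = 300   # wait imposed after a reset (assumed)

class OtpVerifier:
    """Second-factor step with a failure counter, lockout and redirect to login.
    States: 'login' (credentials required), 'otp' (code expected), 'authenticated'."""

    def __init__(self, expected_code, now=time.time):
        self._expected = expected_code   # constructed: a fixed code stands in for TOTP
        self._now = now                  # injectable clock so the lockout can be tested
        self.state = "login"
        self.failures = 0
        self.locked_until = 0.0

    def login(self, password_ok):
        """First factor. Refused while the lockout is active."""
        if self._now() < self.locked_until:
            return "locked"
        if not password_ok:
            return "login"
        self.state, self.failures = "otp", 0
        return self.state

    def verify_otp(self, code):
        """Second factor. Each wrong code is counted; too many send the user back to login."""
        if self.state != "otp":
            return self.state            # no OTP attempt without a fresh first factor
        if hmac.compare_digest(code.encode(), self._expected.encode()):
            self.state = "authenticated"
            return self.state
        self.failures += 1
        if self.failures >= MAX_OTP_ATTEMPTS:
            # Security-driven redirection: drop the half-authenticated session and lock
            # the account so the credentials cannot simply be replayed straight away.
            self.state = "login"
            self.locked_until = self._now() + LOCKOUT_SECONDS
        return self.state

def simulate_guessing(codes):
    """Constructed demo: a client keeps submitting codes after a valid login; returns the state after each step."""
    clock = [1000.0]
    v = OtpVerifier("482913", now=lambda: clock[0])
    results = [v.login(True)]
    results += [v.verify_otp(c) for c in codes]
    results.append(v.login(True))          # immediate re-login hits the lockout
    clock[0] += LOCKOUT_SECONDS
    results.append(v.login(True))          # once the lockout expires, login works again
    return results
```

Note that the fourth code in the demo is the correct one, yet it is refused: after the reset the session is back at the login step, so a guessed code is never checked without a fresh first factor.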
Advent of Cyber Day 3 done )

It is well explained how to accurately and consistently identify incidents using Splunk.

#Tryhackme #Splunk #SIEM
Forwarded from Cybred
🔥 10/10 React4shell

The official React blog has just published a post about CVE-2025-55182, which allows RCE in a single request. Versions 19.0.0, 19.1.0, 19.1.1 and 19.2.0 are vulnerable, as well as the frameworks Next.JS, Vite, Parcel and Waku.

Just when I thought the day was over… CVE-2025-55182 shows up 🫠


Сам баг находится в RSC-рантайме, который принимает данные и небезопасно десериализует их. Запатчиться сейчас почти никто не успел, а уязвимость можно считать одной из самых критичных, которые находили в React за все время.
https://github.com/ambionics/phpggc

A tool called PHP Gadget Chain (PHPGGC) plays a crucial role in this process, automating the discovery of insecure deserialisation vulnerabilities. PHPGGC, akin to Ysoserial in the Java ecosystem, helps security professionals assess the security posture of PHP applications and mitigate potential risks.

PHP Gadget Chain (PHPGGC)

PHPGGC is primarily a tool for generating gadget chains used in PHP object injection attacks, specifically tailored for exploiting vulnerabilities related to PHP object serialisation and deserialisation.

#Deserialization #web #pentest #bugbounty
During a web application penetration test, we always aim to identify BAC (Broken Access Control), IDOR and similar vulnerabilities. Along the way, we often encounter parameters such as “id=”, “user=”, or sometimes more complex ones like UUIDs. While guessing a UUID is nearly impossible, it’s still worth analyzing—doing so increases our chances of discovering high‑severity issues.

Even when we’re fully authenticated, we can inspect these parameters through Burp Suite or any other proxy tool. What I want to highlight is that UUIDs can sometimes be analyzed using online tools like https://www.uuidtools.com/decode. It won’t always work—this often depends on how the developer implemented the system—but if decoding the UUID gives the desired result, you can expect to find some good bugs.

Happy hacking, go to find your bugs! 🐞🔥

#Web #BugBounty #Pentest #UUID
React2Shell Ultimate - The most comprehensive CVE-2025-66478 Scanner for Next.js RSC RCE vulnerability. Multi-mode detection, WAF bypass, local scanning.

https://github.com/hackersatyamrastogi/react2shell-ultimate