part of poc cve-2024-32002

Syntropy Security's comprehensive security audit of the Online Banking Management System v1.0. Our assessment concludes that the application in its current state poses unacceptable risk to the organization. We identified five (5) critical security failures that would cause catastrophic financial loss and total operational paralysis if deployed.

🚨 Demonstrate CVE-2025-55182, a critical React vulnerability allowing remote code execution via prototype chain pollution in `react-server-dom-webpack@19.0.0`.

💥 Identify critical vulnerabilities in the SourceCodester Online Banking System v1.0, ensuring financial security and awareness of unpatched risks.

MalTrail - Command Injection / RCE

FreePBX CVE-2025-57819 lab (Docker) + Nuclei POC for unauth SQLi (time-based).

Script for checking CVE-2024-6387 (regreSSHion)

CVE-2025-3515 WordPress lab for Drag and Drop Multiple File Upload for CF7: Dockerized PoC & Nuclei testing

CVE-2016-15042 lab: Dockerized WordPress PoC for unauthenticated file upload in Frontend File Manager <4.0 and N‑Media Post Front‑end Form <1.1

Detect CVE-2025-55182 (React2Shell) RCE vulnerability in React Server Components. Fast, accurate scanner with zero false positives.

Obtain RCE by poisoning .vscode folder

my tools that i use for bug hunter

OWASP Security Training & Penetration Testing Lab

log4shell (CVE-2021-44228) scanning tool

Hack The Box Writeup for Retired Challenge ReactOOPS - Complete solution and educational guide to CVE-2025-55182/CVE-2025-66478 (React2Shell RCE). Includes detailed vulnerability analysis, exploitation techniques, and team learning materials.

gf patterns for security research

POC - CVE-2024-21534 Jsonpath-plus vulnerable to Remote Code Execution (RCE) due to improper input sanitization

React2Shell vulnerability (CVE-2025-55182 / CVE-2025-66478)

local poc for CVE-2024-32002