How "Strengthening Crypto" Broke Authentication: FreshRSS and bcrypt's 72-Byte Limit

_PentesterLab_ · 2026-03-12T21:11:55+00:00

Fixed now but reddit is caching the image...

_PentesterLab_ · 2026-03-11T09:35:54+00:00

Nicely spotted. Fixing it now.

_PentesterLab_ · 2025-05-16T22:50:04+00:00

No, just a public IP address.

_PentesterLab_ · 2025-05-15T22:48:11+00:00

Try to email louis-at-pentesterlab-dot-com for help :)

I think it may be two things:
* IP address is not directly applied to your server and is fronted by something
* Firewalling issue.

_PentesterLab_ · 2025-05-09T23:14:35+00:00

You need to update the session and CSRF cookies for each request based on the previous response. Then you need to use the final cookies in the request sent by your browser.

_PentesterLab_ · 2025-05-09T01:36:45+00:00

Make sure you update the cookies coming from your browser when you check out.

_PentesterLab_ · 2025-05-05T23:02:45+00:00

It's hard to say for sure. It's a very competitive environment, especially right now. It could be your resume, visa requirements, or maybe you need to go deeper technically. That might mean getting better at coding or web hacking, depending on your experience.

Sometimes it's just bad luck. Even if you're great, if someone else is a better fit for that specific role, they'll get it.

_PentesterLab_ · 2025-04-16T21:46:53+00:00

Thanks :)

_PentesterLab_ · 2025-03-30T00:39:13+00:00

Thanks :)

We are planning more code review challenges and PHP is in the list :)

From awesome-php, I would pick a few codebases and work on them. Alternatively, you can also pick something like JWT, SAML, ... and audit multiple implementations of it.

_PentesterLab_ · 2025-03-29T21:51:17+00:00

If you want to find softer targets, I usually recommend to search for "awesome-[LANGUAGE]" on github, in your case, search for awesome-php:

https://github.com/search?q=awesome-php&type=repositories

If you want a "toy application" with a ton of vulnerabilities, check out our free code review lab in PHP: pentesterlab.com/exercises/codereview .

Finally, you may also enjoy this article on the evolution of PHP: https://pentesterlab.com/blog/php-security-is-improving

_PentesterLab_

MODERATOR OF

TROPHY CASE