HACKERBADGER

Breaking things. Writing it down.

Latest Research

Galaxy Dash: Broken Access Control via Writable Avatar Field

2026.06.05
BugForge medium Broken Access Control

Part 1: Pentest Report

#broken-access-control #idor #authorization-bypass #multi-tenant #bugforge

Hacker's Paradise: Full-Response SSRF to Internal Admin Service

2026.06.03
BugForge medium Full-Response SSRF

#ssrf #full-response-ssrf #internal-service #broken-access-control #cwe-918 #bugforge

DiceForge: Authentication Bypass via Spoofable Client-IP Header

2026.06.03
BugForge easy Authentication Bypass via Spoofable Client-IP Header

Part 1: Pentest Report

#access-control #header-spoofing #ip-allowlist #fuzzing #bugforge

CopyPasta: API Token Disclosure to Dual-Auth Admin Takeover

2026.06.03
BugForge easy API Token Disclosure + Dual-Auth Bypass

#api-security #broken-authentication #information-disclosure #privilege-escalation #cwe-200 #cwe-287 #bugforge

Cafe Club: Readable SSRF to Internal Admin API

2026.06.03
BugForge easy Readable SSRF

#ssrf #readable-ssrf #internal-service #broken-access-control #cwe-918 #bugforge

Sokudo: JWT Signature Verification Bypass on a Legacy Route Mount

2026.05.28
BugForge easy JWT Signature Verification Bypass

#jwt #alg-none #authentication-bypass #version-prefix #broken-access-control #bugforge

Activity Log

[2026.06.05] New writeup published: Galaxy Dash: Broken Access Control via Writable Avatar Field
[2026.06.03] New writeup published: Hacker's Paradise: Full-Response SSRF to Internal Admin Service
[2026.06.03] New writeup published: DiceForge: Authentication Bypass via Spoofable Client-IP Header
[2026.06.03] New writeup published: CopyPasta: API Token Disclosure to Dual-Auth Admin Takeover
[2026.06.03] New writeup published: Cafe Club: Readable SSRF to Internal Admin API

Toolkit

Caido Workbench (v0.3.0)
SQLi and JWT workbench plugin for Caido proxy.

Race (v1.2.0)
HTTP/2 single-packet race condition testing.

JWTForge (v1.0.0)
JWT creation, modification, and signing tool.

More Coming
Additional tools in development.