HACKERBADGER

HACKERBADGER

Breaking things. Writing it down.

HACKERBADGER
Visual_ID: HACKERBADGER

Latest Research

[RECORDS_FOUND: 32]

Gift List: OTP Recipient Manipulation → Admin Access

2026.04.09
BugForge easy Authentication Bypass

Overview Platform: BugForge Vulnerability: OTP Recipient Manipulation (Authentication Bypass) — admin login send-code endpoint accepts arbitrary usernam...

#otp-bypass #auth-bypass #parameter-manipulation #bugforge

Copypasta: UNION-Based SQL Injection

2026.04.08
BugForge easy SQL Injection

Overview Platform: BugForge Vulnerability: SQL Injection (UNION-based) — share_code path parameter concatenated directly into SQL query Key Technique:...

#sqli #union-injection #sqlite #credential-extraction

Tanuki: JWT None-Algorithm Bypass

2026.04.07
BugForge easy Authentication Bypass

Overview Platform: BugForge Vulnerability: JWT None-Algorithm Bypass leading to admin privilege escalation Key Technique: Forging an unsigned JWT with...

#JWT #none-algorithm #authentication-bypass #privilege-escalation

Cheesy Does It: Client-Side Price Tampering

2026.04.06
BugForge easy Client-Side Price Tampering

Overview Platform: BugForge Vulnerability: Client-Side Price Tampering — Server Trusts Client-Sent Prices Key Technique: Modifying the amount, unit_pr...

#price-tampering #client-side-trust #api-security #e-commerce

Cafe Club: Business Logic — Till Payment Bypass

2026.04.06
BugForge easy Business Logic

Overview Platform: BugForge Vulnerability: Business Logic Flaw — Hidden Purchase Type Bypasses Payment Key Technique: Fuzzing the checkout type parame...

#payment-bypass #API #parameter-fuzzing

Tanuki: IDOR on User Statistics Endpoint

2026.03.31
BugForge easy Broken Access Control

Overview Platform: BugForge Vulnerability: Insecure Direct Object Reference (IDOR) on User Statistics Endpoint Key Technique: Path parameter manipulat...

#IDOR #API #user-enumeration
analytics

Activity Log

[2026.04.09] New writeup published: Gift List: OTP Recipient Manipulation → Admin Access
[2026.04.08] New writeup published: Copypasta: UNION-Based SQL Injection
[2026.04.07] New writeup published: Tanuki: JWT None-Algorithm Bypass
[2026.04.06] New writeup published: Cheesy Does It: Client-Side Price Tampering
[2026.04.06] New writeup published: Cafe Club: Business Logic — Till Payment Bypass
construction

Toolkit

web v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
speed v1.2.0
Race
HTTP/2 single-packet race condition testing.
key v1.0.0
JWTForge
JWT creation, modification, and signing tool.
more_horiz
More Coming
Additional tools in development.