HACKERBADGER

Breaking things. Writing it down.


Latest Research

DiceForge: OS Command Injection on POST /api/roll

2026.04.26
BugForge easy OS Command Injection

Part 1 - Pentest Report

#command-injection #rce #bugforge #webapp #express #node #json-body-injection

Sokudo: Hidden PUT via Verb Tampering + Mass Assignment

2026.04.24
BugForge medium Mass Assignment on Hidden Endpoint

#verb-tampering #mass-assignment #access-control #rest-api #bugforge #webapp

CopyPasta: Authorization Bypass on DELETE Snippet

2026.04.23
BugForge easy Broken Access Control

#idor #access-control #broken-authorization #rest-api #bugforge #webapp

Tanuki: IDOR to Account Takeover

2026.04.22
BugForge easy Authorization Bypass (IDOR)

Part 1: Pentest Report

#webapp #idor #broken-access-control #account-takeover #cwe-639 #bugforge

Cheesy Does It: Discount Code Stacking via Array Type Confusion

2026.04.21
BugForge easy Business Logic / Type Confusion

#business-logic #type-confusion #mass-assignment-blocked #bugforge

FurHire: Second-Order Blind Boolean SQLi + Role Self-Assignment

2026.04.19
BugForge medium Second-Order Blind Boolean SQL Injection

Part 1 — Pentest Report

#sqli #second-order-sqli #blind-boolean #sqlite #mass-assignment #role-escalation #bugforge #webapp

Activity Log

[2026.04.26] New writeup published: DiceForge: OS Command Injection on POST /api/roll
[2026.04.24] New writeup published: Sokudo: Hidden PUT via Verb Tampering + Mass Assignment
[2026.04.23] New writeup published: CopyPasta: Authorization Bypass on DELETE Snippet
[2026.04.22] New writeup published: Tanuki: IDOR to Account Takeover
[2026.04.21] New writeup published: Cheesy Does It: Discount Code Stacking via Array Type Confusion

Toolkit

Caido Workbench v0.3.0
SQLi and JWT workbench plugin for Caido proxy.
Race v1.2.0
HTTP/2 single-packet race condition testing.
JWTForge v1.0.0
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.