HACKERBADGER
Breaking things. Writing it down.
Latest Research
Cheesy Does It: Discount Code Stacking via Array Type Confusion
2026.04.21
BugForge
easy
Business Logic / Type Confusion
FurHire: Second-Order Blind Boolean SQLi + Role Self-Assignment
2026.04.19
BugForge
medium
Second-Order Blind Boolean SQL Injection
Part 1 — Pentest Report
Cafe Club: UNION-based SQL Injection + Plaintext Password Storage
2026.04.19
BugForge
easy
UNION-based SQL Injection
Part 1 — Pentest Report
Gift Lab: Admin Bypass via Predictable adminAccessToken Cookie
2026.04.18
BugForge
medium
Broken Access Control
Overview. Platform: BugForge. Vulnerability: Admin authorization bypass via predictable adminAccessToken cookie. Key Technique: Compared the cookie acros...
Sokudo: GraphQL Authorization Bypass + Plaintext Password Exposure
2026.04.16
BugForge
easy
GraphQL Authorization Bypass
Part 1 — Pentest Report
Copypasta: IDOR via Source Map Disclosure
2026.04.15
BugForge
easy
IDOR
Overview. Platform: BugForge. Vulnerability: Insecure Direct Object Reference (IDOR) on a secondary read endpoint, discovered via public source map disclo...
Activity Log
[2026.04.21]
New writeup published: Cheesy Does It: Discount Code Stacking via Array Type Confusion
[2026.04.19]
New writeup published: FurHire: Second-Order Blind Boolean SQLi + Role Self-Assignment
[2026.04.19]
New writeup published: Cafe Club: UNION-based SQL Injection + Plaintext Password Storage
[2026.04.18]
New writeup published: Gift Lab: Admin Bypass via Predictable adminAccessToken Cookie
[2026.04.16]
New writeup published: Sokudo: GraphQL Authorization Bypass + Plaintext Password Exposure
Toolkit
v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
v1.2.0
Race
HTTP/2 single-packet race condition testing.
v1.0.0
JWTForge
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.