HACKERBADGER

HACKERBADGER

Breaking things. Writing it down.

HACKERBADGER
Visual_ID: HACKERBADGER

Latest Research

[RECORDS_FOUND: 35]

Cheesy Does It: Refund Amount Manipulation

2026.04.13
BugForge easy Business Logic

Overview Platform: BugForge Vulnerability: Business Logic — Unvalidated Client-Supplied Refund Amount Key Technique: Submit an arbitrarily large refun...

#business-logic #refund-abuse #over-refund #client-side-trust #api-security #e-commerce

OtterGram: IDOR on Profile Update

2026.04.11
BugForge easy IDOR

Overview Platform: BugForge Vulnerability: Insecure Direct Object Reference (IDOR) — Arbitrary Profile Modification Key Technique: Manipulating the id...

#idor #broken-access-control #express #jwt #profile-manipulation #bola

Galaxy Dash: Server-Side Prototype Pollution

2026.04.11
BugForge medium Prototype Pollution

Overview Platform: BugForge Vulnerability: Server-Side Prototype Pollution → Price Bypass Key Technique: Exploiting vulnerable deep merge on organizat...

#prototype-pollution #nodejs #express #deep-merge #price-bypass #server-side

Gift List: OTP Recipient Manipulation → Admin Access

2026.04.09
BugForge easy Authentication Bypass

Overview Platform: BugForge Vulnerability: OTP Recipient Manipulation (Authentication Bypass) — admin login send-code endpoint accepts arbitrary usernam...

#otp-bypass #auth-bypass #parameter-manipulation #bugforge

Copypasta: UNION-Based SQL Injection

2026.04.08
BugForge easy SQL Injection

Overview Platform: BugForge Vulnerability: SQL Injection (UNION-based) — share_code path parameter concatenated directly into SQL query Key Technique:...

#sqli #union-injection #sqlite #credential-extraction

Tanuki: JWT None-Algorithm Bypass

2026.04.07
BugForge easy Authentication Bypass

Overview Platform: BugForge Vulnerability: JWT None-Algorithm Bypass leading to admin privilege escalation Key Technique: Forging an unsigned JWT with...

#JWT #none-algorithm #authentication-bypass #privilege-escalation
analytics

Activity Log

[2026.04.13] New writeup published: Cheesy Does It: Refund Amount Manipulation
[2026.04.11] New writeup published: OtterGram: IDOR on Profile Update
[2026.04.11] New writeup published: Galaxy Dash: Server-Side Prototype Pollution
[2026.04.09] New writeup published: Gift List: OTP Recipient Manipulation → Admin Access
[2026.04.08] New writeup published: Copypasta: UNION-Based SQL Injection
construction

Toolkit

web v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
speed v1.2.0
Race
HTTP/2 single-packet race condition testing.
key v1.0.0
JWTForge
JWT creation, modification, and signing tool.
more_horiz
More Coming
Additional tools in development.