HACKERBADGER
Breaking things. Writing it down.
Latest Research
FurHire: Client-Side Path Traversal to Account Takeover
2026.06.15
BugForge
hard
Client-Side Path Traversal to Account Takeover
Part 1: Pentest Report
CopyPasta: IDOR Snippet Delete (Broken Object-Level Authorization)
2026.06.12
BugForge
easy
IDOR / Broken Object-Level Authorization
Vaultly: Account Takeover via Unbound Password-Reset Token
2026.06.10
BugForge
hard
Password-Reset Account Takeover
Shady Oaks Financial: UNION-based SQL Injection
2026.06.10
BugForge
easy
UNION-based SQL Injection
Ottergram: Private Posts via Dual-Identifier Authorization Drift
2026.06.10
BugForge
medium
Broken Object-Level Authorization
Galaxy Dash: Broken Access Control via Writable Avatar Field
2026.06.05
BugForge
medium
Broken Access Control
Part 1: Pentest Report
Activity Log
[2026.06.15]
New writeup published: FurHire: Client-Side Path Traversal to Account Takeover
[2026.06.12]
New writeup published: CopyPasta: IDOR Snippet Delete (Broken Object-Level Authorization)
[2026.06.10]
New writeup published: Vaultly: Account Takeover via Unbound Password-Reset Token
[2026.06.10]
New writeup published: Shady Oaks Financial: UNION-based SQL Injection
[2026.06.10]
New writeup published: Ottergram: Private Posts via Dual-Identifier Authorization Drift
Toolkit
v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
v1.2.0
Race
HTTP/2 single-packet race condition testing.
v1.0.0
JWTForge
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.