Write-Ups

Copypasta: UNION-Based SQL Injection

Overview
Platform: BugForge
Vulnerability: SQL Injection (UNION-based) — share_code path parameter concatenated directly into SQL query
Key Technique: UNION SELECT to extract usernames and p...

easy
Tanuki: JWT None-Algorithm Bypass

Overview
Platform: BugForge
Vulnerability: JWT None-Algorithm Bypass leading to admin privilege escalation
Key Technique: Forging an unsigned JWT with alg:"none" and type:"admin" to bypass s...

easy
Cheesy Does It: Client-Side Price Tampering

Overview
Platform: BugForge
Vulnerability: Client-Side Price Tampering — Server Trusts Client-Sent Prices
Key Technique: Modifying the amount, unit_price, and total_price values in payment a...

easy
Cafe Club: Business Logic — Till Payment Bypass

Overview
Platform: BugForge
Vulnerability: Business Logic Flaw — Hidden Purchase Type Bypasses Payment
Key Technique: Fuzzing the checkout type parameter to discover an undocumented “till” v...

easy
Tanuki: IDOR on User Statistics Endpoint

Overview
Platform: BugForge
Vulnerability: Insecure Direct Object Reference (IDOR) on User Statistics Endpoint
Key Technique: Path parameter manipulation on /api/stats/:userId to access othe...

easy
Cheesy Does It: SQL Injection Authentication Bypass

Overview
Platform: BugForge
Vulnerability: SQL Injection (Authentication Bypass), Client-Side Price Manipulation
Key Technique: Classic SQLi on login username field — string concatenation in...

medium
Galaxy Dash: Cross-Org User Hijacking

Overview
Platform: BugForge
Vulnerability: Broken Access Control — Cross-Organization User Hijacking, Broken Object-Level Authorization on Permission Updates
Key Technique: Adding an existin...

medium
Cafe Club: IDOR on Password Change

Overview
Platform: BugForge
Vulnerability: Insecure Direct Object Reference (IDOR)
Key Technique: Password change endpoint uses id from request body instead of JWT — any authenticated user c...

easy
Shady Oaks Financial: Race Condition on Currency Conversion

Overview
Platform: BugForge
Vulnerability: Race Condition (TOCTOU) on currency conversion endpoint
Key Technique: HTTP/2 single-packet attack exploiting non-atomic balance check/deduction wi...

hard
Ottergram: Stored XSS — DM to Admin localStorage Exfil

Overview
Platform: BugForge
Vulnerability: Stored Cross-Site Scripting (XSS) via Direct Messages
Key Technique: Injecting HTML into unsanitized DM content field rendered via dangerouslySetIn...

medium
Gift Lab: IDOR via Predictable Share Token

Overview
Platform: BugForge
Vulnerability: IDOR via Predictable Share Token
Key Technique: Reverse-engineering base64-encoded share tokens to access arbitrary gift lists without authenticati...

medium
Copypasta: IDOR Password Reset to Account Takeover

Overview
Platform: BugForge
Vulnerability: Insecure Direct Object Reference (IDOR) — password change endpoint trusts client-supplied user_id
Key Technique: Replacing user_id in the password ...

easy
Tanuki: XXE via XInclude Bypass

Overview
Platform: BugForge
Vulnerability: XXE via XInclude — Arbitrary File Read
Key Technique: XInclude directive bypass of DTD restrictions in XML parser to exfiltrate server files
Resu...

hard
Cheesy Does It: IDOR + Price Manipulation

Overview
Platform: BugForge
Vulnerability: IDOR (Insecure Direct Object Reference), Client-Side Price Manipulation, Wildcard CORS
Key Technique: Sequential ID enumeration on order detail end...

medium
Cafe Club: Race Condition — Cart/Checkout TOCTOU

Vulnerability: Race Condition (TOCTOU), SQL Injection (INSERT-only)
Key Technique: Cart/checkout time-of-check-time-of-use race — adding expensive items to cart during checkout processing wind...

hard
Ottergram: WebSocket IDOR via Socket.io

Overview
Platform: BugForge
Vulnerability: Insecure Direct Object Reference (IDOR) via Socket.io WebSocket event
Key Technique: Enumerating message IDs through an unauthenticated Socket.io p...

medium
MesaNet: OTP Bypass + Gateway Entitlement Override

Overview
Platform: BugForge
Vulnerability: OTP Bypass via JSON Array Parameter Injection, Broken Access Control via Gateway Entitlement Override
Key Technique: Sending all 10,000 OTP codes i...

hard
Shady Oaks Financial: Broken Access Control + Rounding Exploit

Overview
Platform: BugForge
Vulnerability: Broken Access Control on admin endpoints; Rounding exploit in stock trading
Key Technique: Accessing admin-only API routes with a regular user JWT ...

medium
Copypasta: IDOR on Snippet Deletion

Overview
Platform: BugForge
Vulnerability: Insecure Direct Object Reference (IDOR) — missing authorization check on snippet deletion
Key Technique: Exploiting inconsistent authorization betw...

easy
Tanuki: XXE Injection via Deck Import

Overview
Platform: BugForge
Vulnerability: XML External Entity (XXE) Injection
Key Technique: XXE via XML deck import endpoint with in-band exfiltration through stored entity values
Result...

medium
Cheesy Does It: Payment Calculation Bug

Overview
Platform: BugForge
Vulnerability: Payment calculation bug (tip formula error), inconsistent input validation between endpoints
Key Technique: Exploiting a flawed tip calculation for...

medium
Cafe Club: Mass Assignment on Loyalty Points

Overview
Platform: BugForge
Vulnerability: Mass Assignment
Key Technique: Injecting unvalidated fields into profile update JSON body to overwrite server-side loyalty points balance
Result:...

easy
Ottergram: GraphQL IDOR via Introspection

Vulnerability: GraphQL Introspection Disclosure, IDOR via GraphQL Query, Plaintext Password Storage
Key Technique: GraphQL introspection to discover schema, then direct object reference via us...

medium
FurHire: WAF Bypass — Stored XSS via Application Status

Overview
Platform: BugForge
Vulnerability: Stored XSS, WAF Bypass
Key Technique: oncontentvisibilityautostatechange event handler bypasses keyword-based WAF blocklist, fires via content-visi...

hard
GalaxyDash: SQLi Function Filter Bypass

SQL injection with function filter bypass on a cargo booking application. Bypassed WAF restrictions on SQL functions to extract database contents.

medium
FurHire: MFA Bypass via Mass Assignment

Mass assignment to enable MFA on admin account, then brute-force the 4-digit OTP to bypass MFA and access the admin panel.

medium
SmallMart: Unicode Case Mapping Bypass

Unicode case mapping bypass to access the admin panel. Exploiting server-side Unicode normalization to circumvent role validation.

hard
MesaNet: SQL Injection + Info Disclosure

SQL injection combined with information disclosure on MesaNet access panel. Error-based extraction to gain access to the dev console.

hard
FurHire: Second-Order SQL Injection

Second-order SQL injection via stored username payload. Injected during registration, triggered when the application queries user data.

medium
Verbose: SSTI to RCE

Server-side template injection in Jinja2 via EXIF metadata, escalating from SSTI confirmation to full RCE and root shell.

medium
Poluted: Prototype Pollution to XSS

Prototype pollution to bypass access controls and reach a 403-protected admin endpoint via __proto__ payload injection.

easy