HACKERBADGER
Breaking things. Writing it down.
Visual_ID: HACKERBADGER
Latest Research
Cheesy Does It: Password-Reset Account Takeover via OTP Verification Bypass
2026.07.09
BugForge
easy
Password-Reset OTP Verification Bypass
Part 1: Pentest Report
Vaultly: Prototype Pollution to Anonymous Cross-Tenant File Disclosure
2026.07.04
BugForge
medium
Prototype Pollution
Part 1: Pentest Report
Sokudo: Version-Drift Mass-Assignment to Admin
2026.07.04
BugForge
easy
Version-Drift Mass Assignment
Part 1: Pentest Report
CopyPasta: Collection Share Endpoint Over-Exposes Private Snippets
2026.06.25
BugForge
easy
Broken Access Control
Part 1: Pentest Report
Ottergram: Unauthenticated Path Traversal / Arbitrary File Read
2026.06.23
BugForge
easy
Path Traversal / File Inclusion
Part 1: Pentest Report
GalaxyDash: Server-Side Template Injection → Secret Disclosure
2026.06.19
BugForge
medium
Server-Side Template Injection (Context Traversal)
Part 1: Pentest Report
analytics
Activity Log
[2026.07.09]
New writeup published: Cheesy Does It: Password-Reset Account Takeover via OTP Verification Bypass
[2026.07.04]
New writeup published: Vaultly: Prototype Pollution to Anonymous Cross-Tenant File Disclosure
[2026.07.04]
New writeup published: Sokudo: Version-Drift Mass-Assignment to Admin
[2026.06.25]
New writeup published: CopyPasta: Collection Share Endpoint Over-Exposes Private Snippets
[2026.06.23]
New writeup published: Ottergram: Unauthenticated Path Traversal / Arbitrary File Read
construction
Toolkit
v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
v1.2.0
Race
HTTP/2 single-packet race condition testing.
v1.0.0
JWTForge
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.