HACKERBADGER
Breaking things. Writing it down.
Visual_ID: HACKERBADGER
Latest Research
Vaultly: Next.js Middleware Authorization Bypass (CVE-2025-29927)
2026.07.15
BugForge
medium
Next.js Middleware Authorization Bypass (CVE-2025-29927)
Part 1: Pentest Report
Tanuki: XML Entity Smuggling to SQL Injection
2026.07.15
BugForge
medium
XML Entity Smuggling to SQL Injection
Tanuki SRS Flash Cards: XML Entity Smuggling to SQL Injection
Shady Oaks Financial: Server-Side Template Injection via Undocumented Parameter
2026.07.14
BugForge
easy
Server-Side Template Injection (Undocumented Parameter)
Part 1: Pentest Report
MesaNet Access Panel: OTP Verify Bypass Chained to SSRF Internal Disclosure
2026.07.14
BugForge
hard
OTP Bypass + SSRF to Internal Store
Part 1: Pentest Report
Cheesy Does It: Single-Use Coupon Reuse via Reorder
2026.07.14
BugForge
easy
Single-Use Coupon Reuse via Reorder
Part 1: Pentest Report
CopyPasta: Forgeable Session Tokens Enable Cross-User Impersonation
2026.07.13
BugForge
easy
Forgeable Session Tokens
Part 1: Pentest Report
analytics
Activity Log
[2026.07.15]
New writeup published: Vaultly: Next.js Middleware Authorization Bypass (CVE-2025-29927)
[2026.07.15]
New writeup published: Tanuki: XML Entity Smuggling to SQL Injection
[2026.07.14]
New writeup published: Shady Oaks Financial: Server-Side Template Injection via Undocumented Parameter
[2026.07.14]
New writeup published: MesaNet Access Panel: OTP Verify Bypass Chained to SSRF Internal Disclosure
[2026.07.14]
New writeup published: Cheesy Does It: Single-Use Coupon Reuse via Reorder
construction
Toolkit
v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
v1.2.0
Race
HTTP/2 single-packet race condition testing.
v1.0.0
JWTForge
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.