HACKERBADGER
Breaking things. Writing it down.
Latest Research
Appointments: Blind Boolean SQL Injection in a Path Parameter
2026.05.22
BugForge
easy
Blind Boolean SQL Injection
Part 1: Pentest Report
Tanuki: Stored XXE via a Hidden JSON Field
2026.05.20
BugForge
easy
Stored XML External Entity Injection
Shady Oaks Financial: Broken Access Control on Admin Route Group
2026.05.16
BugForge
easy
Broken Access Control
Part 1: Pentest Report
Galazy Dash: Cross-Organization IDOR via Sibling-Endpoint Authorization Drift
2026.05.16
BugForge
medium
Cross-Organization IDOR
Part 1: Pentest Report
Tanuki: XXE via XInclude (DOCTYPE Filter Bypass)
2026.05.13
BugForge
easy
XML External Entity
FurHire: SSRF to Internal Reporting Endpoint
2026.05.09
BugForge
medium
Server-Side Request Forgery
Activity Log
[2026.05.22]
New writeup published: Appointments: Blind Boolean SQL Injection in a Path Parameter
[2026.05.20]
New writeup published: Tanuki: Stored XXE via a Hidden JSON Field
[2026.05.16]
New writeup published: Shady Oaks Financial: Broken Access Control on Admin Route Group
[2026.05.16]
New writeup published: Galazy Dash: Cross-Organization IDOR via Sibling-Endpoint Authorization Drift
[2026.05.13]
New writeup published: Tanuki: XXE via XInclude (DOCTYPE Filter Bypass)
Toolkit
v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
v1.2.0
Race
HTTP/2 single-packet race condition testing.
v1.0.0
JWTForge
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.