HACKERBADGER
Breaking things. Writing it down.
Visual_ID: HACKERBADGER
Latest Research
Copypasta: Predictable Session Token + Unverified Password Change
2026.05.08
BugForge
easy
Predictable Session Token + Unverified Password Change
Part 1: Pentest Report
Cheesy Does It: Account Takeover via 4-Digit OTP Brute Force on Password Reset
2026.05.06
BugForge
easy
Password Reset OTP Brute Force
DiceForge: User-Agent Paywall Bypass
2026.05.05
BugForge
easy
Broken Access Control via User-Agent Spoofing
Overview Platform: BugForge Vulnerability: Broken access control on POST /api/quantum. The premium roller endpoint is gated on a substring match against...
Sokudo: Predictable Bearer Token + Timestamp Leak via Leaderboard
2026.05.02
BugForge
medium
Predictable Bearer Token + Sensitive Timestamp Disclosure
Part 1 — Pentest Report
Tanuki: Mass Assignment via Registration Role Field
2026.04.29
BugForge
easy
Mass Assignment
Part 1: Pentest Report
Cheesy Does It: JWT HS256 Weak Secret to Admin Role Flip
2026.04.28
BugForge
easy
JWT Weak Secret / Role Flip
analytics
Activity Log
[2026.05.08]
New writeup published: Copypasta: Predictable Session Token + Unverified Password Change
[2026.05.06]
New writeup published: Cheesy Does It: Account Takeover via 4-Digit OTP Brute Force on Password Reset
[2026.05.05]
New writeup published: DiceForge: User-Agent Paywall Bypass
[2026.05.02]
New writeup published: Sokudo: Predictable Bearer Token + Timestamp Leak via Leaderboard
[2026.04.29]
New writeup published: Tanuki: Mass Assignment via Registration Role Field
construction
Toolkit
v0.3.0
Caido Workbench
SQLi and JWT workbench plugin for Caido proxy.
v1.2.0
Race
HTTP/2 single-packet race condition testing.
v1.0.0
JWTForge
JWT creation, modification, and signing tool.
More Coming
Additional tools in development.