← All series

Cheesy Does It

Daily · 6 writeups

A recurring daily challenge — each entry covers a different vulnerability. Listed oldest to newest.

BugForge - Daily - Cheesy Does It (Dec 29, 2025)

This vulnerability is an Insecure Direct Object Reference (IDOR) caused by missing server-side authorization checks when accessing order data. The…

IDOR
Posted on 2025-12-29 20:00 4 min read

BugForge - Daily - Cheesy Does It (Jan 5, 2026)

The login functionality is vulnerable to SQL Injection, allowing attackers to bypass authentication and gain unauthorized access to admin accounts. By…

SQLi
Posted on 2026-01-05 20:00 4 min read

BugForge - Daily - Cheesy Does It (Jan 19, 2026)

This vulnerability is a business logic flaw in the checkout process where the backend accepts client-supplied discount data without enforcing strict validation…

Business Logic Flaw Type Confusion
Posted on 2026-01-19 20:02 3 min read

BugForge - Daily - Cheesy Does It (Jan 26, 2026)

A business logic flaw in the refund endpoint allows arbitrary refund amounts without validation against actual order values. The API endpoint and payload…

Business Logic Flaw Insufficient Validation
Posted on 2026-01-26 20:00 4 min read

BugForge - Daily - Cheesy Does It (Feb 2, 2026)

A business logic flaw in the tip functionality of the Cheesy Does It pizza ordering application allows users to submit negative tip percentages during the…

Business Logic Flaw Insufficient Validation
Posted on 2026-02-02 20:00 4 min read

BugForge - Daily - Cheesy Does It (Jul 5, 2026)

The Cheesy Does It password reset accepts a null OTP, skipping verification to hand back the admin reset token and enabling a full account takeover.

Otp Bypass Insufficient Validation Broken Authentication User Enumeration Account Takeover Brute Force
Posted on 2026-07-05 20:00 5 min read
Zw4rts

© 2026 Zw4rts. All rights reserved.