← All series

Copy Pasta

Daily · 6 writeups

A recurring daily challenge — each entry covers a different vulnerability. Listed oldest to newest.

BugForge - Daily - Copy Pasta (Jan 7, 2026)

The CopyPasta application allows users to create and share code snippets with options to make them public or private. The snippet retrieval endpoint…

IDOR Broken Access Control
Posted on 2026-01-07 20:00 4 min read

BugForge - Daily - Copy Pasta (Jan 14, 2026)

After registering a standard user, the application was mapped to understand how snippets are created and managed, with a focus on how snippet IDs are handled…

IDOR
Posted on 2026-01-14 19:48 3 min read

BugForge - Daily - Copy Pasta (Jan 21, 2026)

This issue is a classic example of broken access control caused by trusting user-supplied object identifiers. A password reset endpoint accepts a userId…

Broken Access Control IDOR
Posted on 2026-01-21 20:00 4 min read

BugForge - Daily - Copy Pasta (Jan 28, 2026)

The CopyPasta application's share functionality contains a SQL Injection vulnerability in the /api/snippets/share/:id endpoint, where the GUID parameter is…

SQLi
Posted on 2026-01-28 20:00 5 min read

BugForge - Daily - Copy Pasta (Feb 11, 2026)

The CopyPasta application uses a predictable session token scheme where session identifiers are derived by computing the MD5 hash of the username and then…

Broken Authentication Session Hijacking
Posted on 2026-02-11 19:00 3 min read

BugForge - Daily - Copy Pasta (Jun 25, 2026)

A broken access control flaw in collection sharing. A public collection share endpoint returns the contents of every assigned snippet without re-checking each snippet's own visibility, allowing a private snippet to be leaked by adding it to a public collection…

Broken Access Control IDOR
Posted on 2026-06-25 20:00 4 min read
Zw4rts

© 2026 Zw4rts. All rights reserved.