#API Versioning
2 postsBugForge - Daily - Sokudo (Jul 2, 2026)
Sokudo's profile page saves through a hardened PUT /v2/profile endpoint that strips the role field, but the legacy non-versioned PUT /api/profile route binds every field blindly. By downgrading the request to the unversioned endpoint and adding role: admin, the account was escalated to administrator, unlocking the admin-only user listing that contained the flag…
Mass Assignment Privilege Escalation Broken Access Control API Versioning
Posted on 2026-07-02 20:00 4 min read
BugForge - Daily - Sokudo (Jan 15, 2026)
This challenge demonstrates how legacy API endpoints can introduce critical security vulnerabilities when not properly deprecated or secured. The application…
API Versioning Broken Authentication IDOR JWT Manipulation
Posted on 2026-01-15 20:40 5 min read