#Mass Assignment
3 postsBugForge - Daily - Sokudo (Jul 2, 2026)
Sokudo's profile page saves through a hardened PUT /v2/profile endpoint that strips the role field, but the legacy non-versioned PUT /api/profile route binds every field blindly. By downgrading the request to the unversioned endpoint and adding role: admin, the account was escalated to administrator, unlocking the admin-only user listing that contained the flag…
Mass Assignment Privilege Escalation Broken Access Control API Versioning
Posted on 2026-07-02 20:00 4 min read
BugForge - Weekly - Fur Hire (Feb 28, 2026)
This walkthrough demonstrates two chained vulnerabilities in a job recruitment application. The /api/register endpoint exposes a role parameter that is…
Mass Assignment Privilege Escalation MFA Brute Force Rate Limit Bypass
Posted on 2026-02-28 09:00 7 min read
BugForge - Daily - Tanuki (Dec 30, 2025)
This vulnerability is a mass assignment-driven privilege escalation where the application trusts client-supplied input during user registration and allows…
Mass Assignment
Posted on 2025-12-30 20:00 4 min read