Cyb3r7hr347's Blog

Cyb3r7hr347's BlogCybersecurity blog featuring CTF writeups, bug bounty findings, and security research.https://cyb3r7hr347.github.io/Gift List - Admin Code Recipient Manipulationhttps://cyb3r7hr347.github.io/posts/bugforge-gift-list/https://cyb3r7hr347.github.io/posts/bugforge-gift-list/Writeup for the Gift List challenge on Bugforge.ioThu, 09 Apr 2026 00:00:00 GMTCheesy Does It - Broken Logic in the Refund Requesthttps://cyb3r7hr347.github.io/posts/bugforge-cheesy-does-it-2/https://cyb3r7hr347.github.io/posts/bugforge-cheesy-does-it-2/Writeup for the "Cheesy Does It" daily challenge on Bugforge.io demonstrating a Broken Logic vulnerability in the refund request functionality.Tue, 03 Mar 2026 12:00:00 GMTCopyPasta - Broken Access Control Vulnerability in Password Reset Functionalityhttps://cyb3r7hr347.github.io/posts/bugforge-copypasta/https://cyb3r7hr347.github.io/posts/bugforge-copypasta/Writeup for the "CopyPasta" daily challenge on Bugforge.io - Broken Access Control vulnerability in the password reset functionalityWed, 25 Feb 2026 12:00:00 GMTTanuki - IDOR Vulnerabilityhttps://cyb3r7hr347.github.io/posts/bugforge-tanuki/https://cyb3r7hr347.github.io/posts/bugforge-tanuki/Writeup for the "Tanuki" daily challenge on Bugforge.io - IDOR vulnerabilityWed, 25 Feb 2026 06:00:00 GMTCheesy Does It - Broken Logic in Payment Processinghttps://cyb3r7hr347.github.io/posts/bugforge-cheesy-does-it/https://cyb3r7hr347.github.io/posts/bugforge-cheesy-does-it/Writeup for the "Cheesy Does It" daily challenge on Bugforge.io demonstrating a Broken Logic vulnerability in payment processing.Mon, 12 Jan 2026 12:00:00 GMTAPICrash - Race Condition Vulnerabilityhttps://cyb3r7hr347.github.io/posts/yeswehack-apicrash/https://cyb3r7hr347.github.io/posts/yeswehack-apicrash/Writeup for the APICrash challenge on YesWeHack demonstrating a Race Condition vulnerability in a GraphQL API.Sun, 11 Jan 2026 12:00:00 GMTGhost Whisper - Command Injection via Unicode Normalizationhttps://cyb3r7hr347.github.io/posts/yeswehack-ghost-whisper/https://cyb3r7hr347.github.io/posts/yeswehack-ghost-whisper/Writeup for the Ghost Whisper challenge on YesWeHack demonstrating a Command Injection vulnerability via Unicode normalization bypass.Fri, 05 Dec 2025 12:00:00 GMTAppSecMaster - Blind XSS to Privilege Escalationhttps://cyb3r7hr347.github.io/posts/appsecmaster-blind-xss/https://cyb3r7hr347.github.io/posts/appsecmaster-blind-xss/Writeup documenting a Blind XSS vulnerability in a mini blog application from AppSecMaster, leading to privilege escalation.Wed, 19 Nov 2025 14:00:00 GMTJinjaCare - Server-Side Template Injectionhttps://cyb3r7hr347.github.io/posts/htb-jinjacare/https://cyb3r7hr347.github.io/posts/htb-jinjacare/Writeup for the Very Easy JinjaCare HTB Challenge demonstrating Server-Side Template Injection in Jinja2.Wed, 19 Nov 2025 12:00:00 GMTCybersecurity Learning Resourceshttps://cyb3r7hr347.github.io/posts/resources/https://cyb3r7hr347.github.io/posts/resources/A curated collection of resources, tools, and guides for aspiring security researchers and bug bounty hunters.Sat, 01 Nov 2025 10:00:00 GMT