Cheesy Does It

A recurring daily challenge — each entry covers a different vulnerability. Listed oldest to newest.

BugForge - Daily - Cheesy Does It (Dec 29, 2025)

This vulnerability is an Insecure Direct Object Reference (IDOR) caused by missing server-side authorization checks when accessing order data. The…

IDOR

Posted on 2025-12-29 20:00 4 min read

BugForge - Daily - Cheesy Does It (Jan 5, 2026)

The login functionality is vulnerable to SQL Injection, allowing attackers to bypass authentication and gain unauthorized access to admin accounts. By…

SQLi

Posted on 2026-01-05 20:00 4 min read

BugForge - Daily - Cheesy Does It (Jan 19, 2026)

This vulnerability is a business logic flaw in the checkout process where the backend accepts client-supplied discount data without enforcing strict validation…

Business Logic Flaw Type Confusion

Posted on 2026-01-19 20:02 3 min read

BugForge - Daily - Cheesy Does It (Jan 26, 2026)

A business logic flaw in the refund endpoint allows arbitrary refund amounts without validation against actual order values. The API endpoint and payload…

Business Logic Flaw Insufficient Validation

Posted on 2026-01-26 20:00 4 min read

BugForge - Daily - Cheesy Does It (Feb 2, 2026)

A business logic flaw in the tip functionality of the Cheesy Does It pizza ordering application allows users to submit negative tip percentages during the…

Business Logic Flaw Insufficient Validation

Posted on 2026-02-02 20:00 4 min read