Copy Pasta

A recurring daily challenge — each entry covers a different vulnerability. Listed oldest to newest.

BugForge - Daily - Copy Pasta (Jan 7, 2026)

The CopyPasta application allows users to create and share code snippets with options to make them public or private. The snippet retrieval endpoint…

IDOR Broken Access Control

Posted on 2026-01-07 20:00 4 min read

BugForge - Daily - Copy Pasta (Jan 14, 2026)

After registering a standard user, the application was mapped to understand how snippets are created and managed, with a focus on how snippet IDs are handled…

IDOR

Posted on 2026-01-14 19:48 3 min read

BugForge - Daily - Copy Pasta (Jan 21, 2026)

This issue is a classic example of broken access control caused by trusting user-supplied object identifiers. A password reset endpoint accepts a userId…

Broken Access Control IDOR

Posted on 2026-01-21 20:00 4 min read

BugForge - Daily - Copy Pasta (Jan 28, 2026)

The CopyPasta application's share functionality contains a SQL Injection vulnerability in the /api/snippets/share/:id endpoint, where the GUID parameter is…

SQLi

Posted on 2026-01-28 20:00 5 min read

BugForge - Daily - Copy Pasta (Feb 11, 2026)

The CopyPasta application uses a predictable session token scheme where session identifiers are derived by computing the MD5 hash of the username and then…

Broken Authentication Session Hijacking

Posted on 2026-02-11 19:00 3 min read