FurHire

A recurring weekly challenge — each entry covers a different vulnerability. Listed oldest to newest.

BugForge - Weekly - FurHire (Dec 29, 2025)

After creating recruiter and job seeker accounts, a normal job application flow was completed to identify where application status updates are handled. An…

WAF By Pass XSS CSRF

Posted on 2025-12-29 10:15 5 min read

BugForge - Weekly - FurHire (Jan 11, 2026)

This walkthrough demonstrates a chained attack where a SQL Injection vulnerability in the job listing API endpoint (/api/jobs/{id}) is manually exploited using…

SQL Injection JWT Privilege Escalation

Posted on 2026-01-11 20:00 5 min read