Galaxy Dash

A recurring weekly challenge — each entry covers a different vulnerability. Listed oldest to newest.

BugForge - Weekly - Galaxy Dash (Jan 4, 2026)

This walkthrough demonstrates a server-side prototype pollution vulnerability in an Express.js-based delivery platform. By exploiting an unsafe object merge…

Prototype Pollution

Posted on 2026-01-04 20:00 5 min read

BugForge - Weekly - Galaxy Dash (Feb 1, 2026)

This walkthrough demonstrates a Server-Side Request Forgery (SSRF) vulnerability in a delivery scheduling API where a user-controllable URL parameter is passed…

SSRF JWT Forgery

Posted on 2026-02-01 09:00 4 min read

BugForge - Weekly - Galaxy Dash (Feb 20, 2026)

This walkthrough demonstrates a stored cross-site scripting (XSS) vulnerability in a delivery booking application where unsanitized user input in the…

XSS Session Hijacking Account Takeover

Posted on 2026-02-20 09:00 5 min read

BugForge - Weekly - Galaxy Dash (Mar 4, 2026)

This walkthrough demonstrates a UNION-based SQL injection vulnerability in a delivery booking application. The /api/bookings endpoint accepts a status query…

SQLi

Posted on 2026-03-04 09:00 5 min read

BugForge - Weekly - Galaxy Dash (Mar 26, 2026)

This walkthrough demonstrates a broken access control vulnerability in a team management application. The application exposes user creation, update, and…

Broken Access Control Account Takeover

Posted on 2026-03-26 19:00 5 min read