Ottergram
Daily · 9 writeups
A recurring daily challenge — each entry covers a different vulnerability. Listed oldest to newest.
BugForge - Daily - Ottergram (Jan 3, 2026)
A SQL Injection vulnerability was identified in the user profile retrieval functionality where user-supplied input is concatenated directly into SQL…
BugForge - Daily - Ottergram (Jan 10, 2026)
The application exposes a GraphQL API with introspection enabled in production, allowing attackers to query the full API schema and discover sensitive…
BugForge - Daily - Ottergram (Jan 17, 2026)
This walkthrough demonstrates how an Insecure Direct Object Reference (IDOR) can surface in real-time features by moving beyond basic HTTP endpoints and…
BugForge - Daily - Ottergram (Jan 24, 2026)
A stored Cross-Site Scripting (XSS) vulnerability was identified in the messaging functionality where user input is rendered using React's…
BugForge - Daily - Ottergram (Jan 31, 2026)
The Ottergram application contains an Insecure Direct Object Reference (IDOR) vulnerability in its profile update functionality. While the application…
BugForge - Daily - Ottergram (Feb 7, 2026)
The Ottergram application contains a Missing Function Level Access Control vulnerability in its administrative post deletion endpoint. The application…
BugForge - Daily - Ottergram (Feb 14, 2026)
The Ottergram application contains a Broken Access Control vulnerability in its comment update endpoint. After systematically analyzing the application's…
BugForge - Daily - Ottergram (Feb 21, 2026)
The Ottergram application contains a Path Traversal vulnerability in its post image serving endpoint. After exploring the application's main feed and user…
BugForge - Daily - Ottergram (Feb 28, 2026)
The Ottergram application contains an HTTP Verb Tampering vulnerability combined with an Insecure Direct Object Reference (IDOR) flaw in its comment…