✕ Clear all filters
4 articles

📰 Dev.to · Oopssec Store

4 articles · Updated every 3 hours · View all reads

All Articles 91,285Blog Posts 109,477Tech Tutorials 22,820Research Papers 19,226News 14,849 ⚡ AI Lessons
The Env Variable Name Was Gone From the Bundle. The Value Wasn't.
Dev.to · Oopssec Store 1w ago
The Env Variable Name Was Gone From the Bundle. The Value Wasn't.
Exploiting a misused NEXT_PUBLIC_ environment variable in OopsSec Store to recover a payment secret...
Read article → + Playlist
Recovering a gift card code from its createdAt with a 10-line LCG
Dev.to · Oopssec Store 3w ago
Recovering a gift card code from its createdAt with a 10-line LCG
OopsSec Store derives gift card codes from a linear congruential generator seeded with the card's...
Read article → + Playlist
Why sameSite: "lax" doesn't save your Next.js admin routes from CSRF
Dev.to · Oopssec Store 4w ago
Why sameSite: "lax" doesn't save your Next.js admin routes from CSRF
The admin order update endpoint authenticates via cookie and validates nothing else, allowing any...
Read article → + Playlist
The ORM Didn't Save You: SQL Injection in a Prisma Codebase
Dev.to · Oopssec Store ⚡ AI Lesson 1mo ago
The ORM Didn't Save You: SQL Injection in a Prisma Codebase
This writeup walks through a SQL injection in the product search feature of the oss-oopssec-store, an...
View lesson → + Playlist