✕ Clear all filters
5 articles

📰 Dev.to · Oopssec Store

5 articles · Updated every 3 hours · View all reads

All Articles 92,361Blog Posts 110,414Tech Tutorials 23,206Research Papers 19,242News 14,895 ⚡ AI Lessons
Racing a Next.js API route: coupon abuse with Prisma and SQLite
Dev.to · Oopssec Store ⚡ AI Lesson 5h ago
Racing a Next.js API route: coupon abuse with Prisma and SQLite
OopsSec Store validates a coupon and increments its counter in two separate database calls. Send...
View lesson → + Playlist
The Env Variable Name Was Gone From the Bundle. The Value Wasn't.
Dev.to · Oopssec Store 1w ago
The Env Variable Name Was Gone From the Bundle. The Value Wasn't.
Exploiting a misused NEXT_PUBLIC_ environment variable in OopsSec Store to recover a payment secret...
Read article → + Playlist
Recovering a gift card code from its createdAt with a 10-line LCG
Dev.to · Oopssec Store 3w ago
Recovering a gift card code from its createdAt with a 10-line LCG
OopsSec Store derives gift card codes from a linear congruential generator seeded with the card's...
Read article → + Playlist
Why sameSite: "lax" doesn't save your Next.js admin routes from CSRF
Dev.to · Oopssec Store 1mo ago
Why sameSite: "lax" doesn't save your Next.js admin routes from CSRF
The admin order update endpoint authenticates via cookie and validates nothing else, allowing any...
Read article → + Playlist
The ORM Didn't Save You: SQL Injection in a Prisma Codebase
Dev.to · Oopssec Store ⚡ AI Lesson 1mo ago
The ORM Didn't Save You: SQL Injection in a Prisma Codebase
This writeup walks through a SQL injection in the product search feature of the oss-oopssec-store, an...
View lesson → + Playlist