Trusting the Client
Whatever the browser sends, the server has to verify.
Chapter 03 of the roadmap. Work through each walkthrough below, or browse every topic.
- Client-Side Price Manipulation
  Exploiting a server-side validation failure in OopsSec Store's checkout process to purchase products at arbitrary prices.
- Mass Assignment: Admin Privilege Escalation via Signup
  Exploiting a mass assignment vulnerability in OopsSec Store's signup endpoint to create an account with administrator privileges.
- Middleware Authorization Bypass: Skipping Next.js Auth with a Single Header (CVE-2025-29927)
  Exploiting CVE-2025-29927 to bypass Next.js middleware-based authentication using the x-middleware-subrequest internal header, accessing a protected internal status page without credentials.
- Race Condition: Abusing a Single-Use Coupon with Concurrent Requests
  OopsSec Store validates a coupon and increments its counter in two separate database calls. Send enough concurrent requests and several slip through the check before any of them completes the increment.