WRITEUP_TERMINAL
V.1.0 // SECURITY
Application Security Research

SECURITY WRITEUPS

A curated collection of real-world application security research, vulnerability disclosures, and technical writeups.
Manual testing · Source code analysis · Business logic exploration
#BrokenAccessControl #IDOR #BOLA #BusinessLogic #Auth #APIsecurity #BugBounty

WRITEUP_INDEX

5 articles
Authentication · Authorization

The MFA Bypass That Wasn't an MFA Problem

cybersecuritywriteups.com

An investigation into an apparent MFA bypass that ultimately revealed broken API authorization, demonstrating why strong authentication cannot compensate for flawed backend access control.

Authentication · State Management

How I Found an Email Verification Bypass on an AI Freelance Platform

infosecwriteups.com

A real-world email verification bypass caused by inconsistent state management between the registration and email verification flows, allowing accounts to be created with unverified email addresses.

Business Logic · E-commerce

From Quantity Manipulation to Negative Shipping Costs

cybersecuritywriteups.com

A business logic flaw in an e-commerce application that allowed manipulation of order calculations through unexpected quantity values, resulting in negative shipping costs.

Broken Access Control · Lifecycle

I Was Removed From the Organization, But My Access Still Worked

cybersecuritywriteups.com

A case study showing how access remained valid after organizational membership was revoked, highlighting common authorization and access lifecycle failures.

IDOR · BOLA
IDOR / BOLA

From a Simple Profile Endpoint to a 100k+ User IDOR on HackerRank

cybersecuritywriteups.com

A seemingly harmless profile endpoint led to an authorization flaw affecting more than 100,000 user accounts.

Responsible Disclosure — all writeups follow responsible disclosure practices and exclude sensitive information that could impact users or organizations.

ABOUT_ME

I'm an Application Security Engineer and Security Researcher with a focus on application security, API security, business logic vulnerabilities, and authorization flaws.