b4r (Author) | b4r

b4r

Fase Rais Baradika

(he/him)

Security Researcher and CTF Player

Posts by b4r

a second-order ddns authz bug in nezha

cve-2026-53521 let a stored future ddns profile id turn into another user ddns profile context later in nezha

b b4r
June 10, 2026
3 min read

vulnerability cve web exploitation authorization
another sharp authz bug, this time in quick creation

cve-2026-53634 let authenticated sharp users bypass create authorization through quick creation command endpoints

b b4r
June 10, 2026
2 min read

vulnerability cve web exploitation laravel
an idor in openproject through meeting agenda items

cve-2026-49355 exposed private work package data through the single meeting agenda item api in openproject

b b4r
June 8, 2026
3 min read

vulnerability cve web exploitation idor
two quiet wallos bugs that still became CVEs

cve-2026-50198 and cve-2026-50199 in wallos were both small authenticated trust bugs, but both still crossed user boundaries in ways they should not have

b b4r
June 5, 2026
4 min read

vulnerability cve web exploitation
a neat little cve in filament

cve-2026-48067 came from a scope mismatch in filament AttachAction and AssociateAction

b b4r
May 25, 2026
2 min read

vulnerability cve web exploitation laravel
cross-tenant credential disclosure in itflow

cve-2026-47755 let a low-privileged authenticated user pull another client credentials and totp secrets in itflow

b b4r
May 25, 2026
3 min read

vulnerability cve web exploitation idor
six cves in one open-source e-commerce project

how i reported six shopper cves spanning authorization bypass, privilege escalation, race conditions, idor, and xss

b b4r
May 22, 2026
4 min read

vulnerability advisory cve web exploitation laravel
my first CVE, CVE-2026-44692

authenticated sharp users could download unrelated laravel storage objects through the generic download endpoint

b b4r
May 8, 2026
7 min read

vulnerability cve web exploitation laravel
how one cve turned into multiple csirt.go.id certs

one vulnerability. multiple targets. multiple certificates.

b b4r
March 10, 2026
2 min read

web exploitation bug bounty
aseng forensic challs always give me a new insight

upsolved it tho :p

b b4r
February 17, 2026
6 min read

forensics ctf disk-image pcap crypto reverse
the type of an ordinary ransomware challs

a writeup of ara7ctf 2026 for/horseman

b b4r
February 7, 2026
4 min read

digital forensic reverse engineering ransomware ctf
LKS internal selection is very fun hahaha...

a complete write up of insanetemple for my beloved juniors

b b4r
January 30, 2026
3 min read

web exploitation ctf
the first chall about CVE-2025-5518 i've solved

it is easy tho

b b4r
December 30, 2025
6 min read

vulnerability cve web exploitation ctf
reversing linux kernel is easy (?)

a writeup of astroctf 2025 rev/ghost

b b4r
December 19, 2025
1 min read

reverse engineering linux kernel ctf