Skip to content

DEV Community

OopsSec Store - Walkthroughs Series' Articles

Back to Oopssec Store's Series

Cover image for The ORM Didn't Save You: SQL Injection in a Prisma Codebase

Apr 28

The ORM Didn't Save You: SQL Injection in a Prisma Codebase

#security #nextjs #webdev #tutorial

4 min read

Cover image for Prompt Injection: 5 Ways to Bypass a Regex Blocklist on an LLM

Apr 30

Prompt Injection: 5 Ways to Bypass a Regex Blocklist on an LLM

#security #webdev #ai #tutorial

5 min read

Cover image for Client-Side Price Manipulation: Pay Whatever You Want at Checkout

May 3

Client-Side Price Manipulation: Pay Whatever You Want at Checkout

#security #nextjs #webdev #tutorial

4 min read

Cover image for How a fake npm package made Cursor backdoor a Next.js admin route

May 6

How a fake npm package made Cursor backdoor a Next.js admin route

#security #nextjs #ai #webdev

8 min read

Cover image for Why sameSite: "lax" doesn't save your Next.js admin routes from CSRF

May 11

Why sameSite: "lax" doesn't save your Next.js admin routes from CSRF

#security #webdev #nextjs #tutorial

5 min read

Cover image for Recovering a gift card code from its createdAt with a 10-line LCG

May 15

Recovering a gift card code from its createdAt with a 10-line LCG

#security #webdev #nextjs #javascript

8 min read

Cover image for path.join() Is Not Path Validation: A Next.js Traversal Walkthrough

May 16

path.join() Is Not Path Validation: A Next.js Traversal Walkthrough

#security #nextjs #webdev #javascript

4 min read

Cover image for The Env Variable Name Was Gone From the Bundle. The Value Wasn't.

May 20

The Env Variable Name Was Gone From the Bundle. The Value Wasn't.

#security #nextjs #webdev #javascript

5 min read

Cover image for Your Next.js API Route Is Leaking Diagnostics in Its 400 Responses

May 28

Your Next.js API Route Is Leaking Diagnostics in Its 400 Responses

#security #nextjs #webdev #javascript

5 min read