Skip to content
Navigation menu
Search
Powered by Algolia
Search
Log in
Create account
DEV Community
Close
OopsSec Store - Walkthroughs Series' Articles
Back to Oopssec Store's Series
The ORM Didn't Save You: SQL Injection in a Prisma Codebase
Oopssec Store
Oopssec Store
Oopssec Store
Follow
Apr 28
The ORM Didn't Save You: SQL Injection in a Prisma Codebase
#
security
#
nextjs
#
webdev
#
tutorial
Comments
Add Comment
4 min read
Prompt Injection: 5 Ways to Bypass a Regex Blocklist on an LLM
Oopssec Store
Oopssec Store
Oopssec Store
Follow
Apr 30
Prompt Injection: 5 Ways to Bypass a Regex Blocklist on an LLM
#
security
#
webdev
#
ai
#
tutorial
Comments
Add Comment
5 min read
Client-Side Price Manipulation: Pay Whatever You Want at Checkout
Oopssec Store
Oopssec Store
Oopssec Store
Follow
May 3
Client-Side Price Manipulation: Pay Whatever You Want at Checkout
#
security
#
nextjs
#
webdev
#
tutorial
Comments
Add Comment
4 min read
How a fake npm package made Cursor backdoor a Next.js admin route
Oopssec Store
Oopssec Store
Oopssec Store
Follow
May 6
How a fake npm package made Cursor backdoor a Next.js admin route
#
security
#
nextjs
#
ai
#
webdev
Comments
Add Comment
8 min read
Why sameSite: "lax" doesn't save your Next.js admin routes from CSRF
Oopssec Store
Oopssec Store
Oopssec Store
Follow
May 11
Why sameSite: "lax" doesn't save your Next.js admin routes from CSRF
#
security
#
webdev
#
nextjs
#
tutorial
Comments
Add Comment
5 min read
Recovering a gift card code from its createdAt with a 10-line LCG
Oopssec Store
Oopssec Store
Oopssec Store
Follow
May 15
Recovering a gift card code from its createdAt with a 10-line LCG
#
security
#
webdev
#
nextjs
#
javascript
Comments
Add Comment
8 min read
path.join() Is Not Path Validation: A Next.js Traversal Walkthrough
Oopssec Store
Oopssec Store
Oopssec Store
Follow
May 16
path.join() Is Not Path Validation: A Next.js Traversal Walkthrough
#
security
#
nextjs
#
webdev
#
javascript
Comments
Add Comment
4 min read
The Env Variable Name Was Gone From the Bundle. The Value Wasn't.
Oopssec Store
Oopssec Store
Oopssec Store
Follow
May 20
The Env Variable Name Was Gone From the Bundle. The Value Wasn't.
#
security
#
nextjs
#
webdev
#
javascript
Comments
Add Comment
5 min read
Your Next.js API Route Is Leaking Diagnostics in Its 400 Responses
Oopssec Store
Oopssec Store
Oopssec Store
Follow
May 28
Your Next.js API Route Is Leaking Diagnostics in Its 400 Responses
#
security
#
nextjs
#
webdev
#
javascript
Comments
1
comment
5 min read
Racing a Next.js API route: coupon abuse with Prisma and SQLite
Oopssec Store
Oopssec Store
Oopssec Store
Follow
Jun 4
Racing a Next.js API route: coupon abuse with Prisma and SQLite
#
security
#
nextjs
#
webdev
#
tutorial
Comments
1
comment
7 min read
Reading a protected Next.js page with zero credentials (CVE-2025-29927)
Oopssec Store
Oopssec Store
Oopssec Store
Follow
Jun 9
Reading a protected Next.js page with zero credentials (CVE-2025-29927)
#
nextjs
#
security
#
webdev
#
javascript
Comments
2
comments
3 min read
How My Fake MCP Server Tricked an AI Into Calling a Tool It Refused Me
Oopssec Store
Oopssec Store
Oopssec Store
Follow
Jun 13
How My Fake MCP Server Tricked an AI Into Calling a Tool It Refused Me
#
security
#
ai
#
webdev
#
nextjs
Comments
Add Comment
8 min read
Hijacking a live broadcast with a non-admin account and curl
Oopssec Store
Oopssec Store
Oopssec Store
Follow
Jun 29
Hijacking a live broadcast with a non-admin account and curl
#
security
#
nextjs
#
webdev
#
tutorial
Comments
Add Comment
5 min read
We're a place where coders share, stay up-to-date and grow their careers.
Log in
Create account