Skip to main content
← Back to home

Real Vulnerabilities. Real Apps.

These are not benchmarks or CTF challenges. These are real vulnerabilities found on real production applications handling real money and real user data. Every finding was independently verified with proof before reporting.

11
Critical findings
36
Total verified findings
30 min
Average scan time
100%
Verified before reporting
CRITICAL
2 hours16 agents19 findings

$19,832 in Nonprofit Payout Data Exposed on a Fintech App

Flutter mobile app + Firebase backend + WordPress marketing site

A fintech donation app built by a 20-person team over 2 years had its Firebase backend wide open. We created a free account (no email verification), queried Firestore, and read 148 nonprofit records including EINs, Stripe account IDs, physical addresses, and 1,930+ payout records totaling $19,832 in gross revenue. We also proved write access -- creating a fake 'verified' organization and injecting a payout record into their production database. The WordPress marketing site had a CVSS 9.8 RCE that the team patched within hours of our first report.

Key Findings

CRITICAL
1,930+ Financial Payout Records Readable by Any Free Account
Created a free Firebase account (no email verification), queried Firestore, read payout records across 33 organizations totaling $19,832+ in gross revenue with real Stripe payout IDs.
CRITICAL
148 Nonprofit Records Exposed (106 EINs, 79 Stripe IDs, 94 Addresses)
The entire organizations collection was readable by any authenticated user. Tax IDs, payment processor accounts, physical addresses, and owner UIDs for 148 nonprofits.
CRITICAL
Write Access to Production Database -- Fake Verified Orgs
Any free account could write new documents to the organizations collection with isVerified: true. An attacker could create fake nonprofits to receive real donations.
CRITICAL
Unauthenticated File Upload to Firebase Storage
Dev storage bucket allowed anyone to upload files without authentication. Production app references this bucket. We uploaded a test file (HTTP 200), then deleted it.
CRITICAL
CVSS 9.8 RCE via Outdated Form Plugin (PATCHED)
Form plugin was 50+ versions behind with known unauthenticated file upload exploit. Team patched to current version within hours of our report.
HIGH
CORS Credential Theft on REST API
API reflected any origin with credentials allowed. Any website an admin visits could silently read all WordPress data.

What an attacker could do

Download every nonprofit's EIN and commit identity fraud against 100+ organizations
Create fake verified nonprofits to steal real donations
Inject fake payout records to manipulate financial reporting
Upload malicious content served to production users
Send spoofed emails as @yourchange.app to donors (no DMARC)
Fill the storage bucket with TB of garbage -- they pay the Google Cloud bill
Ransom: download all data, corrupt the database, demand payment
Stack: Flutter, Firebase (Firestore, Storage, Auth, Functions), Google App Engine, Stripe, Plaid, Dwolla, Hyperwallet, WordPress, WP Engine, Cloudflare
Method: 16 agents across 3 phases: WordPress scan (7 agents), APK decompilation (1 agent), Firebase backend attack (5 agents + inline orchestrator). Non-destructive -- test artifacts documented for client cleanup.
CRITICAL
30 minutes1 agents7 findings

Webhook Signature Bypass on a Multi-Tenant SaaS

Next.js + Supabase + Stripe + WooCommerce

A production multi-tenant SaaS platform with payment processing had a webhook endpoint that accepted arbitrary order data from any source. The signature validation only fired when a specific HTTP header was present -- omit the header, skip the entire security check.

Key Findings

CRITICAL
Webhook Signature Bypass via Header-Routing Flaw
HMAC signature validation only triggered when X-WC-Webhook-Topic header was present. Omit the header, bypass all authentication. Any attacker could fabricate order events.
CRITICAL
Unauthenticated Tenant Injection
The same endpoint accepted any org_id as a query parameter with no validation. Combined with the signature bypass: fabricate orders for any tenant.
MEDIUM
CSP in Report-Only Mode
Content Security Policy was set to report-only with unsafe-inline and unsafe-eval permitted. No browser-side XSS mitigation.

What an attacker could do

Fabricate orders that trigger fulfillment workflows
Poison sales data across any tenant
Mark fake orders as paid, triggering downstream shipping
Data integrity compromise across the multi-tenant platform
Stack: Vite, React, Supabase, Stripe, WooCommerce webhooks
Method: Inline orchestrator scan with zero agent dispatches. 80 probes in 30 minutes. Every finding verified with proof matrix.
CRITICAL
30 minutes10 agents7 findings

Full Community Message Leak + Agent Hijack Path

Next.js + Supabase + AI agents + MCP

A community platform connecting AI agents had zero row-level security on its message and event tables. Any unauthenticated visitor could read every conversation in the community. Worse: the operator command table was fully writable -- an attacker could inject, modify, or delete the instructions that drive the community bot.

Key Findings

CRITICAL
Operator Command Table: Full CRUD by Anonymous
The operator_posts table (which drives the community bot) had zero RLS. Proven: INSERT returned 201, UPDATE returned 200, DELETE returned 204. An attacker could inject fake bot commands.
CRITICAL
All Community Messages Readable Without Auth
20+ messages with full content, user IDs, and channel IDs returned to any request with just the public anon key. Strategic discussions, member links, and personal experiences all exposed.
HIGH
11 Tables Allow Anonymous DELETE
Even tables where INSERT was blocked still allowed DELETE. An attacker could destroy data across 11 tables including members, feature requests, and pinned messages.

What an attacker could do

Read every community conversation without logging in
Inject fake commands into the AI agent control channel
Delete member data, feature requests, and pinned content
Hijack the community bot to post attacker-controlled content
Enumerate the full community structure and member list
Stack: Next.js, Supabase, Vercel, FastMCP, AI agents
Method: 10-agent swarm across 2 waves. RLS probe on every table. INSERT/UPDATE/DELETE verification on every writable surface.
HIGH
30 minutes10 agents3 findings

Sales Strategy + Agent Logs Leaked via Missing RLS

Next.js + Supabase affiliate engine

An affiliate commission platform had three internal tables readable by any unauthenticated visitor: sales targeting personas (who to sell to and how), agent execution logs (what the AI agents were doing and why), and internal team feedback. The financial tables were correctly protected -- but the strategy was wide open.

Key Findings

HIGH
Sales Persona Database Exposed (18 rows)
Complete sales targeting strategy: which doctor types to approach, their buying motivations, psychology profiles. A competitor with the anon key knows the exact playbook.
HIGH
Agent Execution Logs Exposed (71 rows)
Full trace chains showing agent names, skills used, reasoning processes, and timestamps. Reveals the entire AI agent architecture.
HIGH
Internal Team Feedback Exposed (10 rows)
Page-level feedback from team members including author names and content. Internal communications accessible to anyone.

What an attacker could do

Competitor reads the complete sales targeting strategy
Reverse-engineer the AI agent architecture from execution logs
Read internal team communications and feedback
Stack: Next.js, Supabase, Vercel, Stripe
Method: 10-agent swarm. Financial tables (affiliate_profiles, commission_ledger, deals) confirmed correctly locked.

What would we find on your app?

Every app we've scanned had real vulnerabilities. The average scan takes 30 minutes and the report includes exact reproduction steps your dev team can verify independently.

Get Your Security ReportView Benchmark Scores

All case studies are from real production applications scanned with owner authorization. Application names and identifying details are anonymized. Every finding was verified with independent reproduction before reporting.