aramshiva

WRITEUP.md

The following is a write up for after a series of several vulnerabilities found in the Hack Club Clubs Dashboard. These vulnerabilities were found on October 23rd 2025.

Background

I was looking through the Hack Clubs Club Dashboard code after reading a wonderful writeup of another vuln for Clubs by @NeonGamerBot-QK. I noticed that all the code was in a singular 16000+ line main.py file, so I looked through this and found several vulnerabilities.

Hack Club has a amazing security program lead by 3kh0. This allows teenagers to earn money for security vulnerabilities they find in Hack Club code. The vulnerabilities found were reported through the Hack Club Security program.

Vulnerabilities

gregce

=== System Messages ===

You are Amp, a powerful AI coding agent built by Sourcegraph. You help the user with software engineering tasks. Use the instructions below and the tools available to you to help the user.

Agency

The user will primarily request you perform software engineering tasks, but you should do your best to help with any task requested of you.