indexed.digital
full-stack developer

lettersindexed

Mon • Apr 13, 2026 • 02:37 PM

I build full-stack products and write about the sharp edges I run into—misconfigurations, exposed databases, and the occasional “how did this ship” moment.

currently indexed at this domain

Projects

3

naleakbaako.online

breach-search

Breach database search tool with full accounts, credit-based usage, email 2FA, and an admin dashboard.

Next.jsSQLiteJWTAES-256

lnk-extractor

lnk-extraction

A forensic metadata extractor for Windows `.lnk` (shortcut) files

C++

centro-coffee

centro-coffee

A coffee shop website I made as a passion project, hopefully they will notice this soon.

HTMLCSSJavaScript

Languages

4
Pythoncomfortably used in real projects
C++comfortably used in real projects
Ccomfortably used in real projects
JavaScriptcomfortably used in real projects

Writing

7 entries

75 Netflix Session Cookies | DUMPED

Security Assessment: hindisijared.dev Target Overview - URL: https://hindisijared.dev - Platform: Static portfolio site on Cloudflare Pages hosting a Netflix account sharing tool (...

kirkify.net - Security Assessment & Data Extraction Report

Target: kirkify.net (AI-powered face-swap meme generator) Date: 2026-02-23 Status: Presign endpoint PATCHED during testing (developer responded) --- Executive Summary kirkify.n...

The same Supabase mistake, three times in a row

I kept finding the same bug. Three different apps, and all three had the same root cause: Supabase with Row Level Security turned off. Anon key in the frontend, no policies on the...

Empty API key and full IDOR chain on a Filipino browser strategy game

Empty API key and full IDOR chain on a Filipino browser strategy game war.add.ph runs a game called "Tribes of Malaya" -- a browser-based town-building strategy game where you mana...

How I dumped 4,500 users and 5,000 GPS-tagged confessions from a feelings app

How I dumped 4,500 users and 5,000 GPS-tagged confessions from a feelings app Embers is one of those apps where you drop anonymous thoughts on a map, tagged with how you're feeling...

How I dumped 5,891 companies with banking details from a French logistics platform

Gustave Auto is a vehicle transport and delivery service based in France. Drivers sign up as independent contractors (mostly "EI" or auto-entrepreneur status), provide their bankin...

How I dumped 14,000 crypto traders from a scanner app with exposed Supabase keys

How I dumped 14,000 crypto traders from a scanner app with exposed Supabase keys CryptoXScanner is a crypto trading tool. You sign up, connect your exchange accounts, set up Telegr...