Notes from the inside of other people's binaries — security research, reverse engineering, mobile development, and the occasional AI rabbit hole.https://notes.forcetower.dev/en-ushttps://notes.forcetower.dev/posts/sagres-priv-esc/https://notes.forcetower.dev/posts/sagres-priv-esc/A broken-access-control vulnerability in SAGRES (a Brazilian academic-management platform) let any authenticated student act as any other person at the institution by tampering with two query parameters.Fri, 08 May 2026 00:00:00 GMTsecuritydisclosuresagres