blog.voorivex.teamWhen Two Parsers Disagree: Exploiting Query String Differentials for XSSWhen you spend enough time hunting for vulnerabilities in real-world applications, you start seeing the same patterns over and over again. One pattern that kept showing up in my audits was this: the backend receives some user input, validates it care...Feb 10·15 min read
blog.voorivex.teamShaking the MCP Tree: A Security Deep DiveAI is moving fast. Companies are racing to connect their services to AI assistants, shipping integrations as quickly as possible to stay ahead. But when speed is the priority, security often gets left behind. In this post, I'll show you what happens ...Feb 3·14 min read
blog.voorivex.teamCloudflare Image Proxy as a CSPT Gadget: A Cross-Origin CSPT ExploitThe CSPT (Client-Side Path Traversal) vulnerability has recently attracted considerable attention from bug bounty hunters and security researchers because of its flexibility and the variety of real-world impacts it can enable. CSPT arises when user-c...Oct 19, 2025·4 min read
blog.voorivex.teamCSS Data Exfiltration to Steal OAuth TokenHello, I’m Amir, and this is my first blog post here. Some time ago, @YShahinzadeh shared an endpoint with me and asked me to investigate it. It was vulnerable to HTML injection. Although it couldn't lead to XSS, I started exploring how to make the m...Feb 15, 2025·7 min read
