404CTF 2026 - Le Wiki d'Hélène Metzger
TL;DR: RCE through polluting node execSync options and algorithm confusion
Writeups
FCSC 2026 – Shrimp Saver
TL;DR: XSS via HTML entity double-parse and CSP bypass via PHP warning
FCSC 2026 – Bubulle Corp (Part 1/2)
TL;DR: SSRF by bypassing the https:// scheme filter through an XML parsing discrepancy
FCSC 2026 – FCSC Aquarium
TL;DR: RCE via data: URI injection in import() and node permission bypass via inspector API
FCSC 2026 – Shellfish Say
TL;DR: XSS via path traversal chained with arbitrary file write through PHP session upload progress