Fcsc2026

FCSC 2026 – Shrimp Saver

TL;DR: XSS via HTML entity double-parse and CSP bypass via PHP warning

April 6, 2026 · 6 min · SpiizN

FCSC 2026 – FCSC Aquarium

TL;DR: RCE via data: URI injection in import() and node permission bypass via inspector API

April 5, 2026 · 5 min · SpiizN

FCSC 2026 – Bubulle Corp (Part 1/2)

TL;DR: SSRF by bypassing the https:// scheme filter through an XML parsing discrepancy

April 3, 2026 · 5 min · SpiizN

FCSC 2026 – Shellfish Say

TL;DR: XSS via path traversal chained with arbitrary file write through PHP session upload progress

April 3, 2026 · 6 min · SpiizN