blog.voorivex.team
uXSS on Samsung Browser [CVE-2025-58485 SVE-2025-1879]
Introduction: This write-up explains how @YShahinzadeh and I discovered a Universal Cross-Site Scripting (UXSS) vulnerability in the Samsung Internet Browser, identified as CVE-2025-58485 and SVE-2025-
4h ago · 13 min read

blog.voorivex.team
OAuth Non-Happy Path to ATO
A few months ago, I was working on a public bug bounty program, and there was an OAuth implementation for users to log in and sign up. Introduction: First of all, before you start reading this blog post, you should be familiar with some concepts: Happ...
Nov 22, 2024 · 7 min read

blog.voorivex.team
A Weird CSP Bypass led to $3.5k Bounty
Roughly 5 months ago, YShahinzadeh and I found an XSS vulnerability that had a weird CSP bypass leading to Account Takeover and received a $3500 bounty. The journey was quite interesting to me as it involved deep recon, reading many documents of the ...
Oct 23, 2024 · 6 min read

blog.voorivex.team
Hijacking OAuth Code via Reverse Proxy for Account Takeover
Recon: The target scope I had selected was fixed to the main application: 1377.targetstaging.app In the first phase of my narrow recon approach, I utilized various services like Archive, Google, and Yahoo to extract endpoints and different paths. Ho...
Nov 17, 2023 · 5 min read

blog.voorivex.team
$9240 Bounty in 30 days Hunt Challenge
Intro: Hello, I'm Omid, a 22-year-old enthusiast diving into the world of web application hacking for nearly a year and a half now. I'm currently hunting for the Voorivex team, a group of people like me who have the same interests. You can read my fir...
Oct 21, 2023 · 12 min read