RC RANDOM CHAOS

web-security

4 posts

CORS misconfiguration is consent, not an exploit
Article

CORS misconfiguration is consent, not an exploit

CORS misconfiguration explained at the mechanism level: origin reflection, null origin, broken allowlist matching, the credentialed-read exploit path, and why it stays invisible in telemetry.

The agent reads the page and obeys
Article

The agent reads the page and obeys

How Playwright-driven AI agents change the web's threat model: prompt injection, session hijacking, broken CAPTCHAs, and what to do this quarter.

The storefront went dark by sundown
Article

The storefront went dark by sundown

A merchandise site linked to Kash Patel went dark after allegedly serving malware. Operator breakdown of the control gaps that made takedown the only response.

I built Burp Suite in Rust
Article

I built Burp Suite in Rust

Technical breakdown of an open-source Burp Suite alternative - proxy core, fuzzer, scanner depth, Collaborator gap, and what it means for vuln research.