Intigriti's April 2026 CTF Challenge
April 29, 2026
Belgian ethical hacking platform Intigriti hosted a new monthly CTF (Capture The Flag) challenge in April 2026.
- I uploaded a PDF containing my writeup that can be read below or downloaded here: PDF
- The JavaScript client side source code can be found here: app.js
The challenge was build around getting the flag by finding a bypass for the DOMPurify configuration via a path traversal and malicious preferences injection. This could be abused to deliver a blind XSS attack against the application back-end.
Embedded writeup PDF:
Latest Posts
- April CTF Challenge 2026 - Intigriti February CTF Challenge 2026 - Intigriti November CTF Challenge 2025 - Intigriti October CTF Challenge 2025 - Intigriti October CTF Challenge 2025 - Intigriti May XSS Challenge 2025 - Intigriti January XSS Challenge 2025 - Intigriti January XSS Challenge 2025 - Intigriti August CTF Challenge 2024 - Intigriti June XSS Challenge 2023 - Intigriti April CTF Challenge 2023 - Intigriti February XSS Challenge 2023 - Intigriti December XSS Challenge 2022 - Intigriti July XSS Challenge 2022 - Intigriti March XSS Challenge 2022 - Intigriti February XSS Challenge 2022 - Intigriti January XSS Challenge 2022 - Intigriti December XSS Challenge 2021 - Intigriti October XSS Challenge 2021 - Intigriti September XSS Challenge 2021 - Intigriti May XSS Challenge 2021 - Intigriti March XSS Challenge 2021 - Intigriti November XSS Challenge 2020 - Intigriti May XSS Challenge 2020 - Intigriti KIBA - Try Hack Me