Intigriti's February 2022 XSS Challenge
February 14, 2022
Belgian ethical hacking platform Intigriti hosted a new monthly XSS (cross site scripting) challenge in February 2022.
- I uploaded a PDF containing my writeup that can be read below or downloaded here: PDF
The challenge was build around a parameter that could be controlled by the attacker but only allowed a limited amount of characters. This check could be bypassed via a source code variable that was then used to abuse a second parameter that did not have to pass the character limit check. This second parameter can be altered in such way it executes any arbitrary Javascript code without character length restrictions.
Embedded writeup PDF:
Latest Posts
- August CTF Challenge 2024 - Intigriti June XSS Challenge 2023 - Intigriti April CTF Challenge 2023 - Intigriti February XSS Challenge 2023 - Intigriti December XSS Challenge 2022 - Intigriti July XSS Challenge 2022 - Intigriti March XSS Challenge 2022 - Intigriti February XSS Challenge 2022 - Intigriti January XSS Challenge 2022 - Intigriti December XSS Challenge 2021 - Intigriti October XSS Challenge 2021 - Intigriti September XSS Challenge 2021 - Intigriti May XSS Challenge 2021 - Intigriti March XSS Challenge 2021 - Intigriti November XSS Challenge 2020 - Intigriti May XSS Challenge 2020 - Intigriti KIBA - Try Hack Me