Intigriti's January 2022 XSS Challenge
January 17, 2022
Belgian ethical hacking platform Intigriti hosted a new monthly XSS (cross site scripting) challenge in January 2022.
- I uploaded a PDF containing my writeup that can be read below or downloaded here: PDF
- I also created a small POC video that shows the XSS attack: POC Video
The POC video shows the payload containing the "data-debug" attribute which the development team forgot to remove and allows us to bypass the DOMPurify sanitizer. To discover this "data-debug" attribute I had to de-obfuscate the JavaScript source code.
Embedded writeup PDF:
Latest Posts
- August CTF Challenge 2024 - Intigriti June XSS Challenge 2023 - Intigriti April CTF Challenge 2023 - Intigriti February XSS Challenge 2023 - Intigriti December XSS Challenge 2022 - Intigriti July XSS Challenge 2022 - Intigriti March XSS Challenge 2022 - Intigriti February XSS Challenge 2022 - Intigriti January XSS Challenge 2022 - Intigriti December XSS Challenge 2021 - Intigriti October XSS Challenge 2021 - Intigriti September XSS Challenge 2021 - Intigriti May XSS Challenge 2021 - Intigriti March XSS Challenge 2021 - Intigriti November XSS Challenge 2020 - Intigriti May XSS Challenge 2020 - Intigriti KIBA - Try Hack Me