Intigriti's May 2021 XSS Challenge


June 7, 2021



At the end of May 2021, the Belgian ethical hacking platform Intigriti hosted a new XSS (cross-site scripting) challenge.

  • I uploaded a PDF containing my writeup that can be read below or downloaded here: PDF
  • I also created a small POC video that shows the XSS attack: POC Video

The POC video first shows the Intigriti challenge page. The JavaScript, which uses a very limited character set to bypass the challenge's regex security check, is first executed as self-XSS via the developer tools. This shows that it is valid JavaScript that actually works.
Then the payload is URL-encoded so that the URL can be delivered to a victim. The victim still needs to click the Submit button to execute the payload. As far as I was informed, the challenge is only solvable if the victim clicks to execute the payload.


Embedded writeup PDF: