Intigriti's October 2021 XSS Challenge
October 31, 2021
In October 2021 the Belgian ethical hacking platform Intigriti hosted a new XSS (cross site scripting) challenge.
- I uploaded a PDF containing my writeup that can be read below or downloaded here: PDF
- Here the link to the full "challenge.php" file which was used: Challenge PHP page
The challenge was build around mutation XSS (mXSS) were a HTML injection could be exploited. The browser tries to fix our malformed injected HTML tags and thus "mutates" the HTML source code. This combined with some weak spots in the CSP policy allows the execution of a XSS attack against the webpage.
Embedded writeup PDF:
Latest Posts
- August CTF Challenge 2024 - Intigriti June XSS Challenge 2023 - Intigriti April CTF Challenge 2023 - Intigriti February XSS Challenge 2023 - Intigriti December XSS Challenge 2022 - Intigriti July XSS Challenge 2022 - Intigriti March XSS Challenge 2022 - Intigriti February XSS Challenge 2022 - Intigriti January XSS Challenge 2022 - Intigriti December XSS Challenge 2021 - Intigriti October XSS Challenge 2021 - Intigriti September XSS Challenge 2021 - Intigriti May XSS Challenge 2021 - Intigriti March XSS Challenge 2021 - Intigriti November XSS Challenge 2020 - Intigriti May XSS Challenge 2020 - Intigriti KIBA - Try Hack Me