Intigriti's September 2021 XSS Challenge
September 12, 2021
In September 2021 the Belgian ethical hacking platform Intigriti hosted a new XSS (cross site scripting) challenge.
- I uploaded a PDF containing my writeup that can be read below or downloaded here: PDF
- I also created a small POC video that shows the XSS attack: POC Video
- Here the link to the full "manager.js" file which was used: Obfuscated JavaScript file
- Here the link to the dictionary file I created to pass the obfuscation: De-obfuscated dictionary
The POC video shows first the XSS mutation payload that passes the security filter. We need to Base64 encode our payload and finally we can deliver the URL to our victim who stores a random password that fires the XSS attack.
Embedded writeup PDF:
Latest Posts
- June XSS Challenge 2023 - Intigriti April CTF Challenge 2023 - Intigriti February XSS Challenge 2023 - Intigriti December XSS Challenge 2022 - Intigriti July XSS Challenge 2022 - Intigriti March XSS Challenge 2022 - Intigriti February XSS Challenge 2022 - Intigriti January XSS Challenge 2022 - Intigriti December XSS Challenge 2021 - Intigriti October XSS Challenge 2021 - Intigriti September XSS Challenge 2021 - Intigriti May XSS Challenge 2021 - Intigriti March XSS Challenge 2021 - Intigriti November XSS Challenge 2020 - Intigriti May XSS Challenge 2020 - Intigriti KIBA - Try Hack Me