3 and a half solutions for Intigriti’s challenge 1220

The rules

Let’s get started!

A leet calculation

Time to check the source code

An initial thought

So what you can set a variable?


Approaching a solution


Try harder

Found here

Let’s just not refresh

location.hash = "?num1=document.domain"
A moment of confusion
location.hash = "?&num1=document.domain"

Eval to the rescue

That’s better

Solution #1

A moment of relief


A beautiful moment

Solution #2 | No user-interaction

Even more beautiful!

Solution #3 | An unintended solution


Solution #3.5 | A different approach to getting XSS





Bug Bounty Hunter
