Sign in

This month’s Intigriti challenge was made by the amazing Terjanq. He made a cool write-up himself here! As expected, this challenge was out of the ordinary. Complex, frustrating, and super interesting.

Disclaimer: I wrote this write-up instead of sleeping, so I apologize in advance for typos and confusing sentences.

Let’s dive in!

Looking at the challenge page, we see the following script:

We can see that the GET parameter error is used to create an ‘error’ message on the page. Interestingly, the value of the GET parameter is inserted in the DOM using innerHTML as seen on line 17…


For the latest addition to YesWeHack’s Dojo series, we’re faced with the challenge of fetching the secret that EvilCorp2.0 is storing on the /secret endpoint. To obtain this secret, we need to find a way through the security mechanisms that EvilCorp2.0 has put in place for their small app. Their app is created using Deno and it allows us to specify a URL as a string, which the server will fetch for us if it passes the security mechanisms.

The security mechanisms are implemented as a function called waf. The function takes a parameter of type 'string' called str. …


Intigriti is back at it again! This month’s challenge is yet another from the amazing Inti. Let’s dive right into it!

The rules are as follows:

The solution…
- Should work on the latest version of Firefox or Chrome
- Should
alert() the following flag: flag{THIS_IS_THE_FLAG}.
- Should leverage a cross site scripting vulnerability on this page.
- Shouldn’t be self-XSS or related to MiTM attacks
- Should be reported at
go.intigriti.com/submit-solution

The challenge seems to revolve around this interesting component, found at the bottom of the page:

Inti has decided to give us the possibility of writing and storing…


A new month, a new challenge. Eager for a new Intigriti challenge I was happy to finally see this tweet:

Let’s jump in and read the rules!

The solution…

- Should work on the latest version of Firefox or Chrome
- Should
alert() the following flag: {THIS_IS_THE_FLAG}.
- Should leverage a cross site scripting vulnerability on this page.
- Shouldn’t be self-XSS or related to MiTM attacks
- Should be reported at
go.intigriti.com/submit-solution

At first sight, the page doesn’t seem to have any functionality nor provides us with a cool calculator. …


Not in the mood for reading? Fair enough, here’s the solution:
PoC URL
: https://bugpoc.com/poc#bp-DAPAxYtZ
Password: huMANEemu69

Well would you look at that. A *wild* XSS challenge has appeared and it looks like my weekend plans has to be scrapped.

Let’s play a game… or maybe just pop an XSS?

Let’s start by checking out the challenge page:

The page appears to be a game where you have to pick three cards, one from each pile, and get a sum of 18. While the game looks fun, that’s not why we’re here is it? …


Just show me to the solutions already!
Fair enough:
Solution #1
Solution #2 | No user-interaction
Solution #3 | An unintended solution
Solution #3.5 | A different approach to getting XSS

It’s December and this year Christmas came early! On 7/12, a new tweet ticked in from Intigriti announcing a new challenge:

Since Intigriti recently paid out €185.000 in bounties in one day they thought it would be a good idea to make us a calculator, but it seems like it can do a bit more than intended…

The rules

The solution to the challenge should meet the following requirements:

1…


Just show me the solution already!
Fair enough, here you go:
PoC URL: https://bugpoc.com/poc#bp-yWlmd3py
Password: RushFROG09

On 11/04, BugPoC’s latest contribution to their CTF collection kicked off. I was eagerly waiting for the challenge to go live and finally, a tweet came in:

The rules were as follows:

1. You must alert(origin) showing https://wacky.buggywebsite.com
2. You must bypass CSP
3. It must be reproducible using the latest version of Chrome
4. You must provide a working proof-of-concept on bugpoc.com

Cool site, what can it do?

I quickly visited the site, and was met with the following:

The functionality of the page was to make user-supplied…

holme

Bug Bounty Hunter

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store