2025-01-19
tl;dr
- Abusing URL parsing implemented using regex.
- Bypassing filters using path normalization.
- Finally, XSS!
2025-01-19
tl;dr
- Scroll-to-text-fragment XS-Leak to detect the flag
- Exfiltrate characters using link tag dns-prefetch
- Leak the flag character by character
2025-01-05
tl;dr
- Bypassing CSPT filters and UUID validations implemented using regex.
- Chaining CSPT and open redirect to achieve XSS.
- Finally, XSS and retrieving the admin cookie.
2024-06-06
#writeups
tl;dr
- DOM clobbering to clobber isDevelopmet
- Throwing an error using RPO to prevent DOMPurify from loading
- Using the base tag to import our evil.js
2024-05-26
#writeups
tl;dr
- XS-search 200 / 404.
- Leaking using HTML injection in a same-site challenge.
- Link tags and error events.