Intigriti 0125 XSS Challenge
2025-01-19
tl;dr
- Abusing URL parsing implemented using Regex .
- Bypassing filters to using Path Normalization .
- Finally XSS !!.
Intigriti 0824 XSS Challenge
2025-01-05
tl;dr
- Bypassing CSPT filters and UUID validations implemented using Regex .
- Chaining CSPT and Open-Redirect to achieve XSS .
- Finally XSS and retrive the admin cookie .
Intigriti 0724 XSS Challenge
2024-06-06 | #writeups
tl;dr
- Dom clobbering to clobber isDevelopmet
- Throwing an error using RPO to prevent Dompurify from loading
- Using base tag’s to import our evil.js
WaterMark as a Service AngstromCTF
2024-05-26 | #writeups
tl;dr
- XS-search 200 / 404 .
- Leaking using HTML injection in a same-site challenge.
- Link tags and Error events .
päääd - Hack.lu CTF 2023
2024-05-26 | #writeups
tl;dr
- meta redirect to attacker website, using the html injection in the paaad.
- leak the unique subdomain with csp violation.
- Another meta redirect csrf with the leaked subdomain to make the note public.