Sissel Siss3l

Intigriti March 2025 Bonus Web Challenge

Resolution

Based on the website working with NextJS and XML edition, we suspect that related recent exploits are needed to easily solve this challenge:

# On local host
flag = __import__("json").loads(__import__("requests").post(
  "https://hackdonalds.intigriti.io/api/parse-xml",

Intigriti March 2025 XSS Challenge

Description

The solution:

Should leverage a cross site scripting vulnerability on this domain;
Should work on the latest version of Chromium and Firefox;

Renwa XSS Iframe Escape Web Challenge 2025

Description

Pop the alert().

Overview

DOMPurify 3.2.3 February XSS Challenge

Description

Pop an alert.

The solution:

Intigriti's January Challenge

Description

The solution:

Should work on the latest version of Chrome and FireFox;
Should leverage a cross site scripting vulnerability on this domain;

TryHackMe - Advent of Cyber 2024 Side Quests

In addition to the Advent of Cyber 2024 room, we have an annex Side Quest task.

Description

Five tasks need to be completed to finish the side quests.
The keycards to the machines will be scattered around the main Advent of Cyber 2024 room, hidden in some of the core event challenges.

Intigriti December 2024 XSS Challenge

Description

The solution:

Should leverage a cross site scripting vulnerability on this domain;
Should work on the latest version of Chrome and FireFox;

1337UP Capture The Flag 2024 - OSINT

Category: OSINT

Intigriti August Challenge

Category: Web
Impact: Medium
Solves: 10

	"""JAN Ten (credit: Darien Brito) \| You can only use TAU in your code, no other number allowed."""
	from flask import Flask, Response, request
	app = Flask(__name__)
	@app.route("/", methods=["GET"])
	def start() -> Response:
	return Response("""
	<!DOCTYPE html>
	<html>
	<head>
	<script src="./p.js"></script>