Sissel Siss3l

@Siss3l
Siss3l / poc.md
Last active April 5, 2025 18:20
DOMPurify 3.2.4 February XSS Challenge

DOMPurify 3.2.3 February XSS Challenge

Description

Pop an alert.

Chall

The solution:

@Siss3l
Siss3l / escape.md
Last active April 5, 2025 18:20
XSS Web Challenge 2025 @RenwaX23

Renwa XSS Iframe Escape Web Challenge 2025

Description

Pop the alert().

Chall

Overview

@Siss3l
Siss3l / 0325.md
Last active April 5, 2025 18:20
Intigriti March 2025 XSS Challenge @0x999-x

Intigriti March 2025 XSS Challenge

Challenge

Description

The solution:

  • Should leverage a cross site scripting vulnerability on this domain;
  • Should work on the latest version of Chromium and Firefox;
@Siss3l
Siss3l / bonus.md
Last active April 15, 2025 09:58
Intigriti March 2025 Bonus Web Challenge

Intigriti March 2025 Bonus Web Challenge

Resolution

Since the website runs on Next.js and offers XML editing, we suspect that recent related exploits are needed to solve this challenge easily:

# On local host
flag = __import__("json").loads(__import__("requests").post(
  "https://hackdonalds.intigriti.io/api/parse-xml",