I couldn’t participate on the first day of the competition due to some personal matters. When I joined on the second day, I found out that my teammates had already solved most of the web challenges, so there were many challenges that I didn’t get to see.

Since I love JavaScript and XS-leak, I will only write about the two challenges that I found most interesting:

  1. web/Sustenance
  2. misc/CaaSio PSE

(I may write about another challenge that involves DOMPurify + marked bypass XSS in the future)

I didn’t check all the challenges this time because when I joined the competition, most of the challenges were already solved by my teammates lol

I love JavaScript (yep, including those weird features) and XS-leak, so this writeup will talk about only two challenges:

  1. web/Sustenance
  2. misc/CaaSio PSE

Among the many web vulnerabilities, my favorite is prototype pollution. It can be powerful sometimes when you find a script gadget.

So, I decided to make an XSS challenge about prototype pollution.

In April, the challenge I made was released on Intigriti. If you haven’t checked that one out, here is the link: https://challenge-0422.intigriti.io/

Making a good challenge is hard.

I made a few mistakes. With the bugs I made, the challenge became much easier. To make up for it, I decided to make another one, called “The Revenge of Intigriti 0422 Challenge”.

Below is the intended solution to the revenge challenge.

Challenge URL: https://aszx87410.github.io/xss-challenge/revenge-of-intigriti-0422

There were two difficult Web questions this time. I solved one, and the other one was unsolvable, but the solution is worth a look. Here’s a brief summary.
