A collection of all monthly Intigriti XSS challenges that I made writeups of. Learn a lot about Web and Cross-Site Scripting vulnerabilities
Intigriti May XSS Challenge (0525)
A challenge by @joaxcar with a small but complex XSS chain, hitting DOM Clobbering with a race condition and abusing a cool URL parsing quirk in JavaScript.
Intigriti March XSS Challenge (0325)
A hard Cross-Site Scripting challenge chaining small bugs with one very hard step to leak a fragment directive using Self XSS
Intigriti March XSS Challenge (0324)
A Cross-Site Scripting challenge from Intigriti involving prototypes without pollution, lowercase Unicode characters, and a trick to execute arbitrary JavaScript with a tiny payload.
Intigriti January XSS Challenge (0124)
Monthly Cross-Site Scripting (XSS) challenge involving DOM Clobbering, Prototype Pollution in Axios, and finding your own gadgets by reverse engineering minified code using Sourcemaps
Intigriti July XSS Challenge (0722)
A Cross-Site Scripting challenge where you need to do 2 nested SQL Injections to finally place your payload, and bypass CSP using googleapis.com
Intigriti May XSS Challenge (0522)
A Prototype Pollution challenge with a CVE in a jQuery plugin. Bypass a filter by setting our own options to get XSS
Intigriti October XSS Challenge (1021)
An XSS challenge by Intigriti where you manipulate the DOM to fix JavaScript syntax and execute your code