Description

Find an XSS vulnerability on https://challenge-0521.intigriti.io and win Intigriti swag. This is a guest challenge created by https://twitter.com/grumpinout, based on a real-world vulnerability!

Bounties

Responsible disclosure

Domains

https://challenge-0521.intigriti.io

Tier 2
URL
In scope

Go to the challenge

Rules:

  • Please do NOT reveal the solution until the challenge is over! After that, feel free to send us your videos / writeups and we'll share them. If you'd like to have your writeup qualify for the contest, send it in before monday!
  • This challenge runs from May 31th until June 7th, 11:59 PM CET.
  • Out of all correct submissions, we will draw six winners on Monday, June 8th (3 randomly drawn, 3 best write-ups)
  • Every winner gets a €50 swag voucher for our swag shop.
  • The winner will be announced on our Twitter profile.
  • For every 100 likes, we'll add a tip to the announcement tweet.

The solution...

  • Should be reported on this program
  • Should work on the latest version of Firefox or Chrome
  • Should leverage a cross site scripting vulnerability on the challenge domain (javascript should execute on challenge-0521.intigriti.io)
  • Shouldn't be self-XSS or related to MiTM attacks
  • Shall not be publicly disclosed before the program ends
Out of scope

N/A

Rules of engagement

N/A

Safe harbour for researchers

CTF considers ethical hacking activities conducted consistent with the Researcher Guidelines, the Program description and restrictions (the Terms) to constitute “authorized” conduct under criminal law. CTF will not pursue civil action or initiate a complaint for accidental, good faith violations, nor will they file a complaint for circumventing technological measures used by us to protect the scope as part of your ethical hacking activities.

If legal action is initiated by a third party against you and you have complied with the Terms, CTF will take steps to make it known that your actions were conducted in compliance and with our approval.

Severity assessment

Please send in your submission as medium.

FAQ

N/A

All aboard!
Please log in or sign up on the platform

For obvious reasons we can only allow submissions or applications for our program with a valid intigriti account.

It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.

Program specifics
ID check required
Reputation points
Triage
Researchers
last contributors
logo
logo
logo
logo
logo
logo
leaderboard
logo
logo
logo
logo
logo
logo
Overall stats
submissions received
79
average payout
N/A
accepted submissions
70
total payouts
N/A
Last 90 day response times
avg. time first response
< 2 hours
avg. time to decide
< 24 hours
Activity
6/7
CTF
closed a submission
6/7
CTF
closed a submission
6/7
CTF
closed a submission
6/7
CTF
closed a submission
6/7
CTF
closed a submission
6/7
CTF
closed a submission
6/7
CTF
closed a submission
6/7
CTF
closed a submission
6/7
CTF
closed a submission
6/7
CTF
closed a submission