Challenge 0126 - Bug Bounty Program

Description

Come play our monthly challenge!

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement

@intigriti.me

Not applicable

User agent

Not applicable

Automated tooling

Not applicable

Request header

Not applicable

N/A

Safe harbour for researchers is applied

Assets

https://challenge-0126.intigriti.io

URL

Tier 2

In scope

Rules:

This challenge runs from 20/01/2026 12:00 PM until 27/01/2026, 11:59 PM UTC.

Out of all correct submissions, we will draw six winners on Wednesday 25/01/2026:
- Three randomly drawn correct submissions
- Three best write-ups
Every winner gets a €50 swag voucher for our swag shop
The winners will be announced on our X profile.
For every 100 likes, we'll add a tip to announcement post.
Join our Discord to discuss the challenge!

The solution:

Should leverage a XSS vulnerability on the challenge page.
Shouldn't be self-XSS or related to MiTM attacks.
Should work in the latest version of Google Chrome.
Should not require more than 1 click from the victim.
Should include:
- The flag in the format INTIGRITI{.*}
- The payload(s) used
- Steps to solve (short description / bullet points)
Should be reported on the Intigriti platform.

Get started:

Test your payloads on the challenge page
Submit your proof of concept on the submission page to capture your flag!

Out of scope

N/A

Severity assessment

This program follows Intigriti's triage standards based on the proof of concept.

FAQ

N/A

All aboard!

Please log in or sign up on the platform

For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.

It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.

Program specifics

Not managed by Intigriti

Activity

1/20

Challenge 0126

launched

Product types

Platform

For customers

Industries we serve

Resources

Plans to suit your security testing needs

Learn more about our company

About Intigriti

Useful links

Rules:

The solution:

Get started:

Product types

Bug bounty

PTaaS

Managed VDP

Live hacking events

Platform

Platform tour

Integrations

Trust center

For customers

Additional demos

Knowledge base

Uptime and status

Changelog

Industries we serve

Retail

Gaming and eSports

Finance and Insurance

Leisure and Hospitality

B2B SaaS

Telecommunications

Government and Public services

Transport & Logistics

Healthcare

Resources

Customer stories

Blog

Datasheets

Ebooks

Webinars

Shorts

Events

Plans to suit your security testing needs

Core

Premium

Enterprise

Learn more about our company

About us

Leadership

Careers

Contact us

About Intigriti

How it works

Public programs

Useful links

Leaderboard

Learn to hack

Swag shop

Newsletter

Bug bounty talks

Blog

Rules:

The solution:

Get started: