Challenge 0725 - Bug Bounty Program - Intigriti

Description

Find the FLAG and win Intigriti swag! 🏆

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement

@intigriti.me

Not applicable

User agent

Not applicable

Automated tooling

Not applicable

Request header

Not applicable

N/A

Safe harbour for researchers is applied

Assets

https://challenge-0725.intigriti.io

Tier 2

URL

In scope

Rules:

This challenge runs from 11/07/2025 4:00 PM until 18/07/2025, 11:59 PM UTC.

Out of all correct submissions, we will draw six winners on Monday 21/07/2025:

Three randomly drawn correct submissions
Three best write-ups

Every winner gets a €50 swag voucher for our swag shop

The winners will be announced on our X profile.

For every 100 likes, we'll add a tip to announcement post.

Join our Discord to discuss the challenge!

The solution:

Should leverage an RCE on the server without sandbox.
Shouldn't exploit a 0-day or Chromium RCE.
Should include:
The flag in the format CTF{.*}
The payload(s) used
Steps to solve (short description / bullet points)
Should be reported on the Intigriti platform.

Get started:

Download the challenge source code!

Solve it locally!
Repeat your attack against the challenge server.

Out of scope

N/A

Severity assessment

N/A

FAQ

N/A

All aboard!

Please log in or sign up on the platform

For obvious reasons we can only allow submissions or applications for our program with a valid Intigriti account.

It will only take 2 minutes to create a new one or even less to log in with an existing account, so don't hesitate and let's get started. We would be thrilled to have you as part of our community.

Log in or sign up

Activity

7/10

intigriti updated the confidentiality level to public

7/10

intigriti updated the confidentiality level to registered

7/10

intigriti updated the confidentiality level to application

7/10

Challenge 0725

launched