Description

Find the FLAG and win Intigriti swag! 🏆

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement
Not applicable
Not applicable
max. 1 request/sec
Not applicable

N/A

Assets
In scope

Rules:

This challenge runs from 25/12/2025 12:00 PM until 31/12/2025, 11:59 PM UTC.

  • Out of all correct submissions, we will draw six winners on Monday 05/01/2025:
    • Three randomly drawn correct submissions
    • Three best write-ups
  • Every winner gets an exclusive limited-edition t-shirt
  • The winners will be announced on our X profile.
  • For every 100 likes, we'll add a tip to the announcement post.
  • Join our Discord to discuss the challenge!

The solution:

  • Should leverage a vulnerability on the challenge page.
  • Shouldn't be self-XSS or related to MiTM attacks.
  • Should require no user interaction.
  • Should require no bruteforcing (if you have to, keep requests below 1 req/sec).
  • Should include:
    • The payload(s) used
    • Steps to solve (short description / bullet points)
  • Should be reported on the Intigriti platform.

Get started:

  1. Repeat your attack against the challenge server!

Out of scope

N/A

Severity assessment

This program follows Intigriti's triage standards based on the proof of concept.

FAQ

N/A

Program specifics
Not managed by Intigriti
Activity

12/25: SantaCloud Challenge launched