The code for the December 2022 Intigriti XSS challenge.

FHantke/XSSChallenge-December22

XSS Challenge - December 22

This repository contains the code and the intended solution for the December XSS challenge of Intigriti's monthly challenge.

Difficulty

The challenge difficulty depends on your settings in docker-compose.yml and can be set to either medium or hard. For the monthly challenge, we chose to set the difficulty to medium. However, the challenge also contained an unintended solution that made it very easy to solve (read the writeups below).

Setup

Everything you need to set up the challenge is inside the challenge directory. You can use Docker to start it:

docker-compose up

In case of issues with the psycopg2 package on M1 Macs, try the following: export DOCKER_DEFAULT_PLATFORM=linux/amd64

Goal

The goal is to alert the victim's username. Your payload should work in the latest version of Chrome and Firefox. It should also not require any kind of user interaction except the user clicking on your malicious URL.

Solution

The intended solution and an explanation are inside the solution directory. DO NOT SPOIL IT FOR YOURSELF!

There are also a couple of writeups from the community for the intended and unintended solution:
