Find the FLAG and win Intigriti swag! 🏆

Rules:

• The challenge runs from 24/03/25 2:00 PM until 01/04/25, 11:59 PM UTC ⏰
• First blood will win a €100 swag voucher! 🩸
• In addition, we will select six winners on Wednesday the 2nd of April:
  • Three random correct submissions
  • Three best write-ups (or videos) (learn more)
• Every winner gets a €50 swag voucher for our swag shop.
• The winners will be announced on our Twitter profile.
• For every 50 likes, we'll add a tip to announcement tweet.
• Join our Discord to discuss the challenge!

The solution:

• Should work on the latest version of Chromium and FireFox.
• Should leverage a cross site scripting vulnerability on this domain.
• Shouldn't be self-XSS or related to MiTM attacks.
• Should include:
• The flag in the format INTIGRITI{.*}
• The payload(s) used
• Steps to solve (short description / bullet points)
• Should be reported on the Intigriti platform.
• View the full challenge-specific goals/rules here

Get started:

1. Download the challenge source code!
2. Solve it locally!
3. Repeat your attack against the challenge server.

To be eligible for the writeup competition, you must submit a writeup before the challenge ends. The earlier you submit, the more time we'll have to review.

We ask that you ensure the writeup is not public until the challenge ends, e.g.

• Upload the writeup to a private repo, git gist, medium blog or personal website, and share the URL in your report. Once the challenge ends, you can make it public.
• Send us a PDF/MD/HTML/ZIP to review, making sure to provide a URL before we publish the results (e.g. if it ends at midnight, send the link before 11am UTC next day).

If you'd like us to tag you on Twitter when sharing the writeup, double-check your Twitter handle is listed on your intigriti profile 🙂

Finally, please ensure your writeup is public by the time we post results on social media. If the writeup is still private, or the link doesn't work, we won't post it. The writeup should also be a reasonable format, e.g. we won't share links to file-sharing websites, hosting a password-protected ZIP archive 😬

Regardless of whether you win the competition, we'll share your writeup on social media and link it on our gitbook!

Back to Challenge Info