December CTF Challenge: Chaining XS leaks and postMessage XSS
At Intigriti, we host monthly web-based Capture The Flag (CTF) challenges as a way to engage with the security researcher community. December's challenge by Renwa took inspiration from the Marvel Cinematic Universe, specifically Thanos's quest to collect all six Infinity Stones. This challenge required us to chain multiple client-side vulnerabilities across different subdomains to ultimately achieve XSS on the main challenge page.
This article provides a step-by-step walkthrough for solving Dece…