Posts

Intigriti CTF 12-23

After a long time, this month I had the opportunity to take part in the monthly CTF provided by INTIGRITI. As part of the learning process, I really recommend everybody take part in it; it is a mind-blowing experience. You can find more information about the CTF and many other things in Intigriti's Discord community. The CTF is available through the link https://challenge-1223.intigriti.io/challenge.php Here we go!! Summary At first glance, the target is a simple HTML page containing a text box where the payloads should be sent. It also shows the regex that is applied to check the text. If we pass some malicious payload, it is going to catch it. Recon The challenge page also provides the source code running on the server side; let's go through it. In summary, the source code uses the PHP Smarty template engine to render the pages. Further down, we can see two IF clauses; the first will redirect you in case the text posted is not being submitted by t

Intigriti - XSS Challenge 1121

Before everything, I should say that it was a very hard challenge; I spent many hours, but I managed to solve it. Here we go! Summary The XSS challenge hosted by Intigriti occurs once a month; you can follow them on Twitter to stay tuned about upcoming challenges and other nice infosec content. I really recommend you try those challenges, as they are a good source for learning and they are always very challenging. The challenge created by @IvarsVids was available on https://challenge-1121.intigriti.io/ [Image: challenge instructions page] Context As usual, in the XSS challenge we need to find a way to execute the XSS alert(document.domain). This time the scenario was a bit different: there was a Vue.js page with a PHP extension which receives text input from users in the challenge page. [Image: challenge page] Reconnaissance The challenge page receives a request parameter called s with the input value, and it results in the vuejs.php page being loaded which forwards some redirects, let's check it b

Intigriti - XSS Challenge 10-21

Today I'm going to write about the XSS Challenge 1021 from Intigriti, which I managed to solve! Summary The XSS challenge hosted by Intigriti occurs once a month; you can follow them on Twitter to stay tuned about upcoming challenges and other nice infosec content. I really recommend you try those challenges, as they are a good source for learning and they are always very challenging. The challenge was available on https://challenge-1021.intigriti.io/ Context The challenge was about executing an XSS where alert(document.domain) would be executed, and it could not be a self-XSS. [Image: part 1 of 2 - challenge page] Reconnaissance The page was composed of the instructions as well as an iframe with the page below. Reading the message, we can see a piece of information that could be relevant during the tests: a request parameter ?html= . Also, as there is only an iframe and no input field, the only way to insert the XSS would be through the URL. [Image: part 2 of 2 - challenge page] Checking the page using t

My first Critical bug doing Bug Bounty Hunting - iCloud

You may be wondering what the hell this image means... This is a summary photo of a possible attack vector that I found on iCloud, but either way, don't pay attention to my poor image handling skills; in the end, you will have a clear view of this image. Introduction In this post, I’m going to share a vulnerability that I found in iCloud that could allow an attacker to execute malicious code in another iCloud account. We will see how the attack could be exploited and what an attacker could do in the victims’ accounts. Apple and the iCloud In December 2020, I came across an amazing tweet from a group of researchers who hacked Apple for 3 months. In the blog post shared in the tweet, 55 vulnerabilities in the Apple domain are explained. I spent long hours reading the great content, and then I decided to try to hack Apple as well. New writeup: "We Hacked Apple for 3 Months: Here’s What We Found" Featuring... @bbuerhaus , @NahamSec , @erbbysam , and @_StaticFlow_ https://t.c