GrumpinouTinInfoSec Write-upsSolution and explanation of tips for Intigriti’s 0521 XSS challenge — by @GrumpinouTThis month’s (May 2021) XSS challenge by Intigriti was created by me (with some additions by Inti). In this article, I will explain my…Jun 7, 20211Jun 7, 20211
GrumpinouTinInfoSec Write-upsUpgrading XSS Hunter with a basic reverse JavaScript shellBefore you start reading this article, please keep in mind that this is a very basic reverse shell, and still needs a lot of work to get…May 13, 2021May 13, 2021
GrumpinouTinInfoSec Write-upsWeird and very easy authentication bypass found with Google dorkingIn this post, I will explain how I found an authentication bypass, and further explored the functionality of the website, to higher the…Apr 5, 2021Apr 5, 2021
GrumpinouTinInfoSec Write-upsIntigriti’s January XSS ChallengeSolving Intigriti’s January xss challengeFeb 1, 2021Feb 1, 2021
GrumpinouTinInfoSec Write-upsHacking BugPoc’s 18 Game (XSS challenge) hosted by The XXS ratWhy does my title say “Hacking” when it’s just an XSS challenge? Because I didn’t solve the challenge, I hacked the game.Jan 21, 20211Jan 21, 20211
GrumpinouTinThe StartupHow Facebook lies about their privacy settingsWhile I was reading some of Inti De Ceukelaire’s old writeups, I came across “How I got your phone number through Facebook”. Facebook’s…Jan 9, 2021Jan 9, 2021
GrumpinouTinInfoSec Write-upsIntigriti’s December XSS Challenge 2020 (unintended solution)As always, I started with reading the rules. The goal is to execute alert(document.domain) on the challenge-1220.intigriti.io domain. Self…Dec 13, 20201Dec 13, 20201
GrumpinouTinThe StartupSolving Intigriti’s November XSS Challenge With the JavaScript Console.Like you should do with every challenge, I started with reading the rules. Those were clear. The goal was to execute…Nov 9, 2020Nov 9, 2020
GrumpinouTManual broken link monitoringWhen I started with bug bounty hunting, I became interested in all bugs related to URLs, one of my favorite and easy to exploit / find…Oct 29, 20201Oct 29, 20201
GrumpinouTInternship application via broken link takeoverWhile I was looking at companies to do my internship at, I found a company with a link to an nonexistent Twitter account. I thought it…Oct 29, 2020Oct 29, 2020