GrumpinouTinInfoSec Write-upsSolution and explanation of tips for Intigriti’s 0521 XSS challenge — by @GrumpinouTThis month’s (May 2021) XSS challenge by Intigriti was created by me (with some additions by Inti). In this article, I will explain my…8 min read·Jun 7, 2021--1--1
GrumpinouTinInfoSec Write-upsUpgrading XSS Hunter with a basic reverse JavaScript shellBefore you start reading this article, please keep in mind that this is a very basic reverse shell, and still needs a lot of work to get…·5 min read·May 13, 2021----
GrumpinouTinInfoSec Write-upsWeird and very easy authentication bypass found with Google dorkingIn this post, I will explain how I found an authentication bypass, and further explored the functionality of the website, to higher the…3 min read·Apr 5, 2021----
GrumpinouTinInfoSec Write-upsIntigriti’s January XSS ChallengeSolving Intigriti’s January xss challenge9 min read·Feb 1, 2021----
GrumpinouTinInfoSec Write-upsHacking BugPoc’s 18 Game (XSS challenge) hosted by The XXS ratWhy does my title say “Hacking” when it’s just an XSS challenge? Because I didn’t solve the challenge, I hacked the game.4 min read·Jan 21, 2021--1--1
GrumpinouTinThe StartupHow Facebook lies about their privacy settingsWhile I was reading some of Inti De Ceukelaire’s old writeups, I came across “How I got your phone number through Facebook”. Facebook’s…4 min read·Jan 9, 2021----
GrumpinouTinInfoSec Write-upsIntigriti’s December XSS Challenge 2020 (unintended solution)As always, I started with reading the rules. The goal is to execute alert(document.domain) on the challenge-1220.intigriti.io domain. Self…6 min read·Dec 13, 2020--1--1
GrumpinouTinThe StartupSolving Intigriti’s November XSS Challenge With the JavaScript Console.Like you should do with every challenge, I started with reading the rules. Those were clear. The goal was to execute…5 min read·Nov 9, 2020----
GrumpinouTManual broken link monitoringWhen I started with bug bounty hunting, I became interested in all bugs related to URLs, one of my favorite and easy to exploit / find…1 min read·Oct 29, 2020--1--1
GrumpinouTInternship application via broken link takeoverWhile I was looking at companies to do my internship at, I found a company with a link to an nonexistent Twitter account. I thought it…1 min read·Oct 29, 2020----