https://giuseppedandrea.it/categories/write-up/ Recent content in Write-Up on Giuseppe D'Andrea Hugo en Tue, 24 Mar 2026 00:00:00 +0000 https://giuseppedandrea.it/posts/intigriti-challenge-0326/ Tue, 24 Mar 2026 00:00:00 +0000 https://giuseppedandrea.it/posts/intigriti-challenge-0326/ <h2 id="introduction"> Introduction <a class="heading-link" href="#introduction"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>Hi folks! This write-up documents my solution to <a href="https://challenge-0326.intigriti.io/" class="external-link" target="_blank" rel="noopener">Intigriti&rsquo;s March 2026 Challenge</a> created by <a href="https://x.com/KulinduKodi" class="external-link" target="_blank" rel="noopener">Kulindu</a>. The goal was to find a hidden flag (in the format <code>INTIGRITI{.*}</code>) by exploiting a chain of client-side vulnerabilities in a fictional threat intelligence portal called &ldquo;Secure Search Portal&rdquo;.</p> <p>This was a really fun and creative challenge! Let&rsquo;s dive into the solution!</p> <div class="notice warning"> <div class="notice-title"> <i class="fa-solid fa-exclamation-triangle" aria-hidden="true"></i>Warning </div> <div class="notice-content"><strong>Spoiler Alert!</strong> This write-up contains the complete solution with detailed exploitation steps. If you want to attempt the challenge yourself first, stop reading now and head over to the <a href="https://challenge-0326.intigriti.io/" class="external-link" target="_blank" rel="noopener">challenge page</a>!</div> </div> <h2 id="source-code-analysis"> Source code analysis <a class="heading-link" href="#source-code-analysis"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>The challenge presents a &ldquo;Secure Search Portal&rdquo;, a search interface that reflects user input back onto the page and allows users to report URLs to an admin.</p> https://giuseppedandrea.it/posts/intigriti-challenge-santacloud/ Sat, 03 Jan 2026 00:00:00 +0000 https://giuseppedandrea.it/posts/intigriti-challenge-santacloud/ <h2 id="introduction"> Introduction <a class="heading-link" href="#introduction"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>Hi folks! This write-up documents my solution to <a href="https://santacloud.intigriti.io/" class="external-link" target="_blank" rel="noopener">Intigriti&rsquo;s SantaCloud Challenge</a> created by <a href="https://x.com/intigriti" class="external-link" target="_blank" rel="noopener">Intigriti</a>. The goal was to compromise and retrieve a hidden flag from the &ldquo;SantaCloud&rdquo; portal, a supply chain management system to access inventory management, track distribution, and coordinate logistics.</p> <p>The challenge was relatively straightforward and didn&rsquo;t require sophisticated exploitation techniques. Instead, it rewarded thorough but standard reconnaissance. Despite its simplicity, it was a fun and satisfying solve.</p> https://giuseppedandrea.it/posts/intigriti-challenge-1125/ Tue, 25 Nov 2025 00:00:00 +0000 https://giuseppedandrea.it/posts/intigriti-challenge-1125/ <h2 id="introduction"> Introduction <a class="heading-link" href="#introduction"> <i class="fa-solid fa-link" aria-hidden="true" title="Link to heading"></i> <span class="sr-only">Link to heading</span> </a> </h2> <p>Hi folks! This write-up documents my solution to <a href="https://challenge-1125.intigriti.io/" class="external-link" target="_blank" rel="noopener">Intigriti&rsquo;s November 2025 Challenge</a> created by <a href="https://x.com/intigriti" class="external-link" target="_blank" rel="noopener">Intigriti</a>. The goal was to find a hidden flag (in the format <code>INTIGRITI{.*}</code>) by exploiting a Remote Code Execution (RCE) vulnerability in a fictional e-commerce platform called &ldquo;AquaCommerce!&rdquo;.</p> <p>This marks my first attempt at an Intigriti challenge, and I have to say that it was a really fun (and &ldquo;easy&rdquo;) one! Let&rsquo;s dive into the solution!</p>