Intigriti XSS Challenge - August 2021 - A venture into prototype pollution

When I started the challenge, I was greeted with this: Hovering over the links, I noticed that the links contained a recipe parameter. So, I opened the link in a new tab. Clearly the parameter was being processed somewhere, so figuring out where it was taking place was important. In…

Stored XSS on the DuckDuckGo search results page

This XSS was accidental. For whatever reason, I was messing about with the searchbar, putting various payloads into it without expecting to find anything. So eventually, I put the following payload into the searchbar: "><img src=x> And of course, nothing happened. But something caught…