Intigriti

Day 26 of #BugQuest! 🤠 Yesterday's challenge featured a method-specific authorization check where GET requests were protected, but POST/PUT or any other requests bypassed the authorization entirely, allowing attackers to modify any user's profile data. Today's challenge involves GraphQL authorization! This vulnerability pattern was covered on Day 14, where we learned about the importance of finding and testing GraphQL queries & mutations. Can you spot the broken access control in this code snippet? 🐛 Swipe through to see the vulnerable code! As usual, solution will be revealed tomorrow! #BugBounty #HackWithIntigriti #BugQuest

github.com/kulindukody/in… Challenge files for our latest @intigriti monthly CTF 0326 are now live, Happy Hacking 💙!

@zazzintan What would your proof of concept/HTTP request look like? 🧐

@intigriti We retrieve data using only the orderId and it doesn't depend on the userId. Therefore, any logged-in user can access any order if they have its ID

Can you spot the issue? Bonus points if you can provide a PoC! 😎

@krishna27743317 what would your payload look like? 👀

@intigriti It is in where clause for retrieving data

@krishna27743317 how? 🧐

@intigriti SQL Injection in Select query

@BugBunny_ai 👀👀

bunny bounces back

@vulnverse0 @Hacker0x01 💙💙

@intigriti triagers >> @Hacker0x01

@EvilGenius75414 @infernosalex 💯💯

@intigriti @infernosalex Thank you for the swag!

⏰ Intigriti's March Challenge is over! ✅ 71 hackers found the correct solution 📑 19 hacker wrote a cool writeup 🏆 Check out the winners below and drop your write-up in the comments! x.com/intigriti/stat…

@i7z00_ Excellent work!!

Just scored a reward @intigriti, check my profile: app.intigriti.com/profile/iz00 #HackWithIntigriti

@elkalashy0 @ks7X01 still counts as a nice find! 💪

Found another one on @intigriti but @ks7X01 was faster 😄nice finding bro 👏 Still learning, still hunting. — #elkalashy0 #BugBounty #CyberSecurity #intigriti

Day 25 of #BugQuest! 🤠 Yesterday's challenge featured a static keyword swapping technique where the endpoint accepted both "my" and direct workspace IDs, allowing attackers to access other users' workspaces by bypassing a subtle oversight made by the developer. Today's challenge involves another common broken access control vulnerability case. This specific topic was covered on Day 17, where we learned about REDACTED. 😎 Can you spot the broken access control in this code snippet? 🐛 Swipe through to see the vulnerable code! Solution will be revealed tomorrow as usual! #BugBounty #HackWithIntigriti #BugQuest

As Intigriti 0326 wraps up, we're releasing the official write-up for March’s CTF challenge! 🤠 @KulinduKodi presented us with a secure search portal that required chaining a tricky DOM clobbering with a common CSP bypass to achieve client-side code execution on the challenge page on behalf of the admin! 😎 Head over to our hacking blog to read the official write-up! 👇 intigriti.com/researchers/bl…

Hi there, thank you for bringing this up! Our apologies for the delay. We're still in the process of investigating why this payout issue hasn't been resolved yet. We'll keep you updated as we progress. If you have any additional questions, please don't hesitate to contact us. We appreciate your patience in the meantime. Thank you!

@intigriti Hey! Even with your intervention, the payment status is still marked as failed.

I reached out to support 30 days ago and still haven’t received a clear resolution. @intigriti your payment support is awaful.

@marcolivermunz Excited to have you representing the German hacker community as an Ambassador! 💪

🚀 I’m now an @intigriti Hacker Ambassador for Germany 🇩🇪 Kicking things off with my first event: 🔥 Bug Bounty Meetup Stuttgart 📅 April 19, 2026 📍 Shackspace (Ulmer Str. 300, Stuttgart) 🕒 14:00 – Open End All levels welcome 🤝 👉 forms.gle/w1oLU61U8DQxSW…

@mrunal110 @KulinduKodi Thank you! We're glad to have you participate! 💪

Sharing XSS Challenge Writeup - Intigriti March 2026 Result: Full admin cookie exfiltration. Props to @KulinduKodi for the challenge design & @intigriti for the platform! #xss Read the full writeup: chawdamrunal.medium.com/intigriti-marc…

@BadAt_Computers 10.0 🥶🥶

Running hot!

@infernosalex @KulinduKodi All other submitted community write-ups for our past and current challenges will be available in our Bugology 👇 bugology.intigriti.io/intigriti-mont…

@infernosalex @KulinduKodi Have a writeup of your own? Be sure to post them in the comments! 💪 Don't forget to join our discord to stay up to date with the monthly challenge announcements, tips etc go.intigriti.com/discord