logo

DOJO CHALLENGE #17 Winners!

ID: 17e9b737-31d6-509f-8b7f-5f90a1d73d58

STIX ID: report--17e9b737-31d6-509f-8b7f-5f90a1d73d58

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
15/100

Date Published: 2022-06-13

Date Updated: 2026-07-04

...
...

This write-up documents an XSS challenge where the attacker-controlled $inject attribute on a script tag is used to load an external JS file that waits for a const-defined `secret` variable to be created, then displays it via alert; it also describes bypassing a replacement that blocks literal slashes by using the HTML entity `/`.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.