logo

DOJO CHALLENGE #15 Winners!

ID: 4797dd71-4b07-58f6-a1ee-a0d68de76b5c

STIX ID: report--4797dd71-4b07-58f6-a1ee-a0d68de76b5c

Feed Name: YesWeHack Blog | Cybersecurity Insights and Bug Bounty Trends| RSS Feed

Threat Score
35/100

Date Published: 2022-02-28

Date Updated: 2026-07-04

...
...

This write-up documents a successful Web Application Firewall (WAF) bypass and DOM-based XSS exploit in a challenge environment: the author analyzes the WAF filtering rules, iteratively constructs an encoded payload to break out of an img alt attribute, and uses encoding/alternate syntax (URL-encoding, backticks, hex/unicode escapes) to set an application variable to "Admin" and trigger an alert. The report includes source context, step-by-step reasoning, and the final payload used to achieve arbitrary JavaScript execution.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.