Insecure Referrer Policy and Best-fit Mapping Transformations Lead to Arbitrary Code Execution
Exploit best-fit mapping transformations to execute arbitrary javascript code.
Recent posts
Crafting the Shortest Polyglot to Trigger 14 Contexts
Can you create the shortest XSS vector that triggers in all contexts?
Exploiting a Vue Application using Invalid HTML Syntax
The solution is not as intended but it does include some pretty nice tricks, some of which are borrowed from previous challenges.
Using Invalid HTML Syntax to Bypass a CSP
Broken syntax and weird browser behavior lead to cross-site scripting.
DOM XSS using Prototype Pollution
This challenge is a great introduction to prototype pollution.