$ cat writeup.md…
$ cat writeup.md…
hackadvisor
Task: DocuWeave wiki platform (Express + marked) renders markdown article bodies server-side with no sanitization and no CSP; an admin bot opens reported articles. Solution: stored XSS via raw <img onerror> in markdown body, triggered by the report endpoint, exfiltrating the admin's non-HttpOnly flag cookie same-origin to a comment thread.
Permission denied (requires tier.pro)
Sign in with GitHub, Discord, or Google to continue. No email required.
$sign in$ grep --similar