> For the complete documentation index, see [llms.txt](https://bugology.intigriti.io/intigriti-monthly-challenges/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://bugology.intigriti.io/intigriti-monthly-challenges/0526.md).

# 0526: Pixel Pioneers

| Name                                                                  | Authors                              | Category                                                  |
| --------------------------------------------------------------------- | ------------------------------------ | --------------------------------------------------------- |
| [Intigriti May Challenge (2026)](https://challenge-0526.intigriti.io) | [Kulindu](https://x.com/KulinduKodi) | DOM clobbering, DOMPurify, stored XSS, DOM-based XSS, XSS |

## Challenge Description

> Find a way to pop an alert and win Intigriti swag! 🏆

## Community Writeups

1. [z3r0x0r](https://medium.com/@0x0meowsec/intigriti-may-2026-challenge-xss-via-stored-payload-sca-shield-bypass-6ab4c1a976c2)
2. [saibalajis6](https://doordiefordream.medium.com/intigriti-ctf-challenge-solution-78889c2dbb3a)
3. [fjordsec](https://gist.github.com/fjordsec/22b8424085c25e7f8ec835219ebd7c58)
4. [kutaysec](https://hackmd.io/@KutaySec/ByRsGqnkMl)
5. [issah721](https://github.com/Issah721/ctf-writeups)
6. [aaqibhussain](https://medium.com/@aaqib9t4/how-i-cracked-intigritis-may-2026-challenge-with-an-unintended-solution-idor-account-takeover-982fa2365b69)
7. [fs0c137y](https://blog.pradeepbhattarai.me/preview/6a1024321f237623ead4c41f)
8. [lobo](https://its-l0bo.github.io/my-write-ups/writeup.html)
9. [hunter\_itx](https://itx-sh3d0w.github.io/my-writeups/)
10. [bl0rph](https://writeups.abdelmounaim.xyz/blog/intigriti0526)
11. [cozyfox](https://gist.github.com/Bild96/6b1535326cb0888eeeb659193ae0594d)
12. [jumapeter736](https://medium.com/@jumapeter736/stored-xss-via-unsanitized-user-name-field-in-testimonials-feed-sca-shield-bypass-873415b73bd2)
13. [ad3sh](https://ad3.sh/writing/Intigriti-May-2026-XSS-Challenge-Writeup)
14. [hasn0x](https://hasn0x.github.io/intigriti-0526/)
15. [aquatester\_404](https://medium.com/@aquatester_404/intigriti-may-challenge-0526-7b5cf03b6f94)
16. [cl4nd3st1ne](https://cl4nd3st1ne.gitbook.io/write-ups/intigriti-challenges/challenge-0526-write-up)
17. [r0m1l](https://challenge-0526intigritiio.hashnode.dev/intigriti-may-2026-ctf-pixel-pioneers-stored-xss-via-unsanitized-username)
18. [destrudo](https://destrudo.hashnode.dev/pixel-pioneers)
19. [rehman0g0](https://medium.com/@skin-security/intigriti-challenge-0526-writeup-stored-xss-via-sca-shield-bypass-4db331a2f6b7)
20. [mith1c](https://mithic.dev/writeups/Intigriti-0526.html)
21. [adonis4621](https://github.com/Adonis4621/intigriti-may-2026-xss)
22. [nervous](https://medium.com/@n70168872/intigriti-challenge-0526-unintended-stored-xss-via-unsanitized-user-name-in-testimonials-feed-c97b6bad47cd)
23. [t27](https://medium.com/@mhqfhvxqbumxepbfvb/intigriti-challenge-0526-write-up-dom-clobbering-to-xss-via-pixelanalyticsconfig-2d0f5fc1022e)
24. [err0n](https://github.com/Er01vkc/write-ups/blob/main/Web/challenge-0526/writeup.md)
25. [k0w4lzk1](https://k0w4lzk1.is-cool.dev/blog/Intigriti)
26. [rawsid1106](https://siddheshphapale.live/bug-bounty-ctf/intigriti-0526.html)
27. [reab](https://0reab.github.io/blog/intigriti_ctf_0526/)
28. [arnav](https://dev.to/arnavkr/intigriti-challenge-0526-writeup-3f74)
29. [zzzquil](https://zzzquil-hunter.github.io/intigriti-0526)
30. [zar](https://github.com/Franc-Zar/CTFsWriteups/tree/main/intigriti/may-challenge-0526)
31. [gkdata](https://gkdata.io/2026/05/26/intigriti-challenge-0526-sca-shield-bypass/)
32. [ryuk0x01](https://medium.com/@Ryuk0x01/intigriti-may-2026-challenge-xss-via-stored-payload-sca-shield-bypass-f1533a20b5bd)
33. [kumamanui](https://blog.syzd.org/2026/05/intigriti-challenge-0526-username-dom.html)
34. [fennec00](https://github.com/n0RollBack00/intigriti-challenge-0526)
35. [djakjak](https://medium.com/@aljzayryaltrath/intigriti-may-2026-ctf-write-up-dom-clobbering-via-mass-assignment-blind-spot-e079d609c20b)
36. [jayce](https://jaycelation.github.io/posts/intigriti-0526-stored-xss-dom-clobbering/)
37. [oussamahtb](https://medium.com/@oussamaelhattab/intigriti-may-2026-xss-challenge-stored-xss-via-username-field-unintended-solution-b9d3273e45c6)
