# 1125: AquaCommerce! | Name | Authors | Category | | -------------------------------------------------------------------------- | ------------------------------------ | --------- | | [Intigriti November Challenge (2025)](https://challenge-1125.intigriti.io) | [intigriti](https://x.com/intigriti) | JWT, SSTI | ## Challenge Description > Find a way to capture the flag and win Intigriti swag! 🏆 ## Solution (official write-up from intigriti) Read it [here](https://www.intigriti.com/researchers/blog/hacking-tools/november-ctf-challenge-exploiting-jwt-vulnerabilities) ## Community Writeups 1. [ludwig](https://vodanh1903.github.io/archives/Intigriti's-November-Challenge/) 2. [zar](https://github.com/Franc-Zar/CTFsWriteups/tree/main/intigriti/november-challenge-1125) 3. [m0habozaid](https://medium.com/@mohamedabozaid961/intigritis-1125-challenge-walk-through-3e3c391f7699) 4. [ambush](https://medium.com/@ambushneupane4/intigriti-challenge-from-a-none-jwt-to-full-jinja2-rce-340c49b9b314) 5. [umarzia](https://medium.com/@umarziya15/intigriti-november-challenge-1125-full-exploit-chain-jwt-algorithm-confusion-jinja2-ssti-rce-acc504787d5c) 6. [machiavelli](https://machiavelli.me/Intigriti_Challenge_1125) 7. [p5n\_dsj](https://trafiiik.com/posts/Intigriti1125writeup/) 8. [aliyankhan20](https://medium.com/@phantom_hat/intigriti-challenge-1125-remote-code-execution-via-jwt-bypass-ssti-af66a948c56f) 9. [aliali\_0541](https://medium.com/@aliali0541/intigriti-challenge-1125-write-up-ssti-rce-flag-extraction-e48b724c4cb1) 10. [cipruska](https://medium.com/@hcanparlayan/%EF%B8%8F-my-first-write-up-breaking-jwt-achieving-rce-in-intigritis-november-2025-challenge-edad7ddbabda?postPublishedType=repub) 11. [rrehlert](https://medium.com/@rrehlert/from-alg-none-to-rce-solving-the-intigriti-1125-challenge-8772e2b9cbf5) 12. [abdox2](https://medium.com/@Abdox11/intigriti-challenge-1125-writeup-1d27c57a15a0) 13. [tylerhuff](https://medium.com/@jhwtkwynf/my-first-time-5f5432de72a6) 14. [boffman](https://gist.github.com/boffman/cb482a23d2a050aba7335f62128f7b52) 15. [theczar](https://medium.com/@TheCzar/intigriti-monthly-challenge-writeup-jwt-abuse-admin-panel-ssti-rce-flag-9879494d8e00) 16. [alfa\_x](https://ashifiqubal.com/posts/web_hacking/ctf/intigriti_ctf_1125/) 17. [0xmoh](https://medium.com/@ashramohammed764/d48af2f105b6) 18. [quintanilha\_sh](https://eduquintanilha.github.io/posts/writeup-intigriti-1125/) 19. [b13ss3d](https://medium.com/@bssd1358/intigritis-november-challenge-writeup-7483f49067d1) 20. [brave\_](https://medium.com/@brave___/intigriti-challenge-1125-authentication-bypass-to-remote-code-execution-5b6360c7f169) 21. [phlm0x](https://phlmox.medium.com/intigritis-xss-challenge-1125-writeup-867432898ec0) 22. [julichaan](https://julichaan.gitbook.io/julichaan-docs/intigriti-challenges-writeups/november-2025-1125) 23. [d4ndr3w](https://giuseppedandrea.it/posts/intigriti-challenge-1125/) 24. [savi0r](https://medium.com/@savi0r/intigriti-challenge-1125-jwt-confusion-to-ssti-rce-my-fastest-ctf-solve-ever-43d43df4182c) 25. [mohammad313](https://drive.google.com/file/d/1FLbsHIiUc6cxZ2gXswxNNNzWMhbdMH2f/view?usp=drive_link) 26. [pawpawhacks](https://tomfieber.github.io/Writeups/intigriti/challenges/1125-challenge/) 27. [huzaifa855](https://medium.com/@meharhuzaifa777/intigriti-challenge-1125-jwt-algorithm-confusion-5d13ecc9c582) 28. [ndkhai](https://www.notion.so/Intigriti-Challenge-1125-Write-Up-2b19408ba7e08001a958e7db38094a4a) 29. [ay0ub\_n0uri](https://blog.ayoubnouri.me/blog/ctf-intigriti-1125) 30. [heinowski](https://medium.com/@banertheinrich/jwt-privilege-escalation-to-container-rce-via-jinja2-ssti-intigriti-challenge-beadf4185f12?postPublishedType=initial) 31. [p0psec](https://drive.google.com/drive/folders/1pPck2z8JdKj8CAjUCLgeaYZZBQhnKPMF?usp=share_link) 32. [kutaysec](https://hackmd.io/@KutaySec/rJZt1T_ebe) 33. [voidpacket](https://github.com/VOIDPACKET-VP/Labs-Documentation/blob/main/Intigriti%20chall/1125.md) 34. [psytester](https://psytester.github.io/Intigriti_CTF_1125/) 35. [magicsale](https://medium.com/@msfire/intigriti-challenge-1125-from-jwt-bypass-to-rce-12366a11e530) 36. [r4id\_](https://jorenverheyen.github.io/intigriti-november-2025.html) 37. [whymir](https://ymiir.gitbook.io/nota/2025-stuff/machine-writeup/bug-bounty-platform/challenge-1125) 38. [quantum\_nomad](https://github.com/noelia-alt/intigriti-challenge-1125-writeup) 39. [bhavan101](https://medium.com/@bxploit.infosec/intigriti-november-challenge-2025-from-jwt-forgery-to-rce-in-aquacommerce-9db2824f275b) 40. [qualwin38000](https://hackmd.io/@qualw1n/HJzcdnuxbe) 41. [tr1s](https://medium.com/@tr1st3/intigriti-challenge-november-b816c6c86a36)