<!DOCTYPE html>
<html lang="en">
<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type">
<title>
Intigriti November Challenge
</title>
<meta content="summary_large_image" name="twitter:card">
<meta content="@intigriti" name="twitter:site">
<meta content="@intigriti" name="twitter:creator">
<meta content="November XSS Challenge - Intigriti" name="twitter:title">
<meta content="Find the XSS and WIN Intigriti swag." name="twitter:description">
<meta content="https://challenge-1121.intigriti.io/share.jpg" name="twitter:image">
<meta content="https://challenge-1121.intigriti.io" property="og:url">
<meta content="website" property="og:type">
<meta content="November XSS Challenge - Intigriti" property="og:title">
<meta content="Find the XSS and WIN Intigriti swag." property="og:description">
<meta content="https://challenge-1121.intigriti.io/share.jpg" property="og:image">
<link href="https://fonts.googleapis.com/css2?family=Poppins:wght@400;700&display=swap" rel="stylesheet">
<link href="style.css" rel="stylesheet">
</head>
<body>
<section id="wrapper">
<section id="rules">
<div class="card-container" id="challenge-container">
<div class="card-header">
<img alt="creator" class="card-avatar" src="creator.jpg">
Intigriti's November XSS challenge
<br>
By
<a href="https://twitter.com/IvarsVids" target="_blank">
@IvarsVids
</a>
</div>
<div class="card-content" id="challenge-info">
<p>
Find a way to execute arbitrary javascript on the iFramed page and win Intigriti swag.
</p>
<b>
Rules:
</b>
<ul>
<li>
This challenge runs from 15 November until 21 November, 11:59 PM CET.
</li>
<li>
Out of all correct submissions, we will draw
<b>
six
</b>
winners on Monday, 22nd November:
<ul>
<li>
Three randomly drawn correct submissions
</li>
<li>
Three best write-ups
</li>
</ul>
</li>
<li>
Every winner gets a â¬50 swag voucher for our
<a href="https://swag.intigriti.com/" target="_blank">
swag shop
</a>
</li>
<li>
The winners will be announced on our
<a href="https://twitter.com/intigriti" target="_blank">
Twitter profile
</a>
.
</li>
<li>
For every 100 likes, we'll add a tip to
<a href="https://go.intigriti.com/challenge-tips" target="_blank">
announcement tweet
</a>
.
</li>
<li>
Join our
<a href="https://go.intigriti.com/discord" target="_blank">
Discord
</a>
to discuss the challenge!
</li>
</ul>
<b>
The solution...
</b>
<ul>
<li>
Should work on the latest version of Chrome
<b>
and
</b>
FireFox.
</li>
<li>
Should execute
<code>
alert(document.domain)
</code>
.
</li>
<li>
Should leverage a cross site scripting vulnerability on this domain.
</li>
<li>
Shouldn't be self-XSS or related to MiTM attacks.
</li>
<li>
Should be reported at
<a href="https://go.intigriti.com/submit-solution">
go.intigriti.com/submit-solution
</a>
.
</li>
</ul>
<b>
Test your payloads down below and
<a href="challenge/index.php?s=">
at the challenge page here
</a>
!
</b>
<p>
Let's pop that alert!
</p>
</div>
</div>
<div class="card-container">
<iframe height="600px" src="challenge/index.php?s=security" width="100%">
</iframe>
</div>
</section>
</section>
</body>
</html>