Find a way to execute arbitrary javascript on the iFramed page and win Intigriti swag.
Rules:
- The challenge runs from 9/05/25 2:00 PM until 16/05/25, 11:59 PM UTC ⏰
- First blood will win a €100 swag voucher! 🩸
- In addition, we will select six winners on Monday the 19th of May:
- Three random correct submissions
- Three best write-ups (or videos) (learn
more)
- Every winner gets a €50 swag voucher for our swag
shop.
- The winners will be announced on our Twitter
profile.
- For every 50 likes, we'll add a tip to announcement
tweet.
- Join our Discord to
discuss
the
challenge!
The solution...
- Should work on the latest version of FireFox and Chromium, not Safari
- Should pop an alert
- Should leverage a cross site scripting vulnerability on this domain.
- Shouldn't be self-XSS or related to MiTM attacks.
- You are not allowed to use a previous XSS challenge in order to solve this one.
- Should be reported on the Intigriti
platform.
Test your payloads down below and on the challenge page here!
Let's pop that alert!
To be eligible for the writeup competition, you must submit a writeup before the
challenge ends. The
earlier you submit, the more time we'll have to review.
We ask that you ensure the writeup is not public until the challenge ends, e.g.
- Upload the writeup to a private repo, git gist, medium blog or personal website, and
share the URL in your
report. Once the challenge ends, you can make it public.
- Send us a PDF/MD/HTML/ZIP to review, making sure to provide a URL
before we publish the
results (e.g. if it ends at midnight, send the link before 11am UTC next day).
If you'd like us to tag you on Twitter when sharing the writeup, double-check your Twitter
handle is listed on your
intigriti profile 🙂
Finally, please ensure your writeup is public by the time we post results on social media.
If the writeup is still
private, or the link doesn't work, we won't post it. The writeup should also be a reasonable
format, e.g. we won't
share links to file-sharing websites, hosting a password-protected ZIP archive 😬
Regardless of whether you win the competition, we'll share your writeup on social media and
link it on our
gitbook!
Back to Challenge Info
Intigriti's May challenge by @joaxcar