Description

Find a way to execute arbitrary JavaScript on the iFramed page and win Intigriti swag.

Bounties

This is a responsible disclosure program without bounties.

Rules of engagement
Not applicable

N/A

Domains
In scope

Go to the challenge

Rules:

  • Please do NOT reveal the solution until the challenge is over! After that, feel free to send us your videos / writeups and we'll share them. If you'd like to have your writeup qualify for the contest, send it in before Wednesday!
  • This challenge runs from Friday the 9th of May until Friday the 16th of May, 11:59 PM UTC.
  • Out of all correct submissions, we will announce seven winners on Monday, the 19th of May: (3 randomly drawn, 3 best write-ups, 1 first blood)
  • First blood will receive a €100 swag voucher for our swag shop.
  • Every randomly drawn winner and best writeup winner gets a €50 swag voucher for our swag shop.
  • The winners will be announced on our Twitter profile.
  • For every 50 likes, we'll add a tip to the announcement tweet.
  • Join our Discord server to discuss the challenge!

The solution...

  • Should work on the latest version of Firefox and Chromium, not Safari
  • Should pop an alert
  • Should leverage a cross-site scripting vulnerability on this domain.
  • Shouldn't be self-XSS or related to MiTM attacks.
  • You are not allowed to use a previous XSS challenge in order to solve this one.
  • Should be reported on the Intigriti platform.

For the writeup content, make sure to add a (hidden) link to your writeup in the report or comments before the challenge has ended! We'll link them on our gitbook afterwards.

If you wish to get @'ed on Twitter, link your Twitter with your Intigriti profile!

Out of scope

N/A

Severity assessment

Please submit as medium.

FAQ

N/A

Program specifics
Not managed by Intigriti

Overall stats
Submissions received: 17
Average payout: N/A
Accepted submissions: N/A
Total payouts: N/A

Last 90 day response times
Avg. time first response: < 1 hour

Activity
5/11 leonsirio created a submission
5/11 package created a submission
5/11 romeokarki created a submission
5/10 cozyfox created a submission
5/10 stealthcopter created a submission
5/10 frevadiscor created a submission
5/10 panya created a submission
5/10 un1tycyb3r created a submission
5/10 egl created a submission
5/10 tarampampam created a submission