N/A

Go to the challenge

Rules:

• Please do NOT reveal the solution until the challenge is over! After that, feel free to send us your videos / writeups and we'll share them. If you'd like to have your writeup qualify for the contest, send it in before Thursday!
• This challenge runs from Wednesday the 11th of December until Wednesday the 18th of December, 11:59 PM UTC.
• Out of all correct submissions, we will announce eleven winners on Thursday, the 19th of December: (5 randomly drawn, 5 best write-ups, 1 first blood)
• First blood will receive a €100 swag voucher for our swag shop.
• Every randomly drawn winner and best writeup winner gets a €50 swag voucher for our swag shop.
• The winners will be announced on our Twitter profile.
• For every 100 likes, we'll add a tip to the announcement tweet.
• Join our Discord server to discuss the challenge!

The solution...

• Should execute alert(document.domain).
• Should work on the latest version of Chrome and FireFox.
• Should leverage a cross site scripting vulnerability on this domain.
• Shouldn't be self-XSS or related to MiTM attacks.
• Should require no user interaction.
• Should be reported at go.intigriti.com/submit-solution.

For the writeup content, make sure to add a (hidden) link to your writeup in the report or comments before the challenge has ended! We'll link them on our gitbook afterwards.

If you wish to get @'ed on Twitter, link your Twitter with your Intigriti profile!

Please submit as medium severity.

N/A