# 0223: Leek NFT

| Name                                                                       | Authors                                     | Category                 |
| -------------------------------------------------------------------------- | ------------------------------------------- | ------------------------ |
| [Intigriti February Challenge (2023)](https://challenge-0223.intigriti.io) | [Dr Leek](https://twitter.com/x64pr0fessor) | Prototype Poisoning, XSS |

## Video Walkthrough

[![Prototype Poisoning?! - Solution to February '23 Challenge](https://img.youtube.com/vi/CWgMRhzdoxo/0.jpg)](https://www.youtube.com/watch?v=CWgMRhzdoxo)

## Challenge Description

> Find a way to execute arbitrary JavaScript on the iFramed page and win Intigriti swag.

## Useful Resources

* [XSS cheatsheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [Prototype poisoning](https://fastify.dev/docs/latest/Guides/Prototype-Poisoning)
* [EXIF XSS](https://gokulvinesh.medium.com/rce-xss-via-image-exif-metadata-dddf33dadb41)

## Community Writeups

1. [c0nrad](https://www.youtube.com/watch?v=05p5EyzubtE)
2. [goku-kaioken](https://github.com/goku-KaioKen/intigriti/blob/main/challenge-writeups/Challenge-0223.pdf)
3. [piyush-paliwal](https://piyush-paliwal.medium.com/intigritis-feb-23-xss-challenge-writeup-ca6bf989094f)
4. [hamzaavvan](https://hamzaavvan.medium.com/cracked-xss-challenge-0223-by-dr-leek-fd5e07bfe1e5)
5. [jorenverheyen](https://jorenverheyen.github.io/intigriti-february-2023.html)
