# 0323: Incomplete Secure Notes Application

| Name                                                                    | Authors                                                                                            | Category           |
| ----------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------- | ------------------ |
| [Intigriti March Challenge (2023)](https://challenge-0323.intigriti.io) | [0xGodson](https://twitter.com/0xGodson_) + [BrunoModificato](https://twitter.com/BrunoModificato) | XSS, CORS, CSP, JS |

## Challenge Description

> Find a way to steal the flag and win Intigriti swag!

## Useful Resources

* [Challenge source code](https://github.com/0xGodson/notes-app-2.0)
* [XSS cheatsheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [CSP evaluator](https://csp-evaluator.withgoogle.com)
* [bfcache](https://web.dev/articles/bfcache)
* [SECCON CTF 2022: Spanote writeup](https://blog.arkark.dev/2022/11/18/seccon-en/#web-spanote)

## Community Writeups

1. [h43z](https://github.com/h43z/writeups/blob/master/0323-intigriti.md)
2. [antonio](https://medium.com/@antonio341375/intigriti-challenge-0323-writeup-5ba6a09ee951)
3. [kevin\_mizu](https://mizu.re/post/intigriti-march-2023-xss-challenge)
4. [abishekvashok](https://github.com/abishekvashok/writeups/blob/main/intigriti/challenge-0323/WRITE_UP.md)
5. [ltsirkov](https://ltsirkov.medium.com/intigriti-challenge-0323-solution-1141ef0fda6a)