# 0525: Confetti

| Name                                                                  | Authors                                | Category                                                                      |
| --------------------------------------------------------------------- | -------------------------------------- | ----------------------------------------------------------------------------- |
| [Intigriti May Challenge (2025)](https://challenge-0525.intigriti.io) | [joaxcar](https://twitter.com/joaxcar) | HTML Injection, ReDoS, DOM clobbering, URL sanitization bypass, Attacker Page |

## Challenge Description

> Find a way to execute arbitrary javascript on the iFramed page and win Intigriti swag.! 🏆

## Solution (official writeup from joaxcar)

See it [here](https://joaxcar.com/blog/2025/05/20/confetti-solution-to-my-intigriti-may-xss-challenge/)

## Community Writeups

1. [busf4ctor](https://blog.vitorfalcao.com/posts/intigriti-0525-writeup/)
2. [j0r1an](https://jorianwoltjer.com/blog/p/hacking/intigriti-xss-challenge/0525)
3. [romeokarki](https://blog.romeokarki.com/blog/Intigriti_may_chall)
4. [jorenverheyen](https://jorenverheyen.github.io/intigriti-may-2025.html)
5. [silverpoision](https://silverpoision.github.io/posts/intigriti-challenge-solution0525/)
6. [wa1m3im](https://gist.github.com/Wa1m3im/8066f33f9a7f00c4b5aadcc0343a4c8e)
7. [cybersecu](https://gist.github.com/Siss3l/d6caf94a4789be2ba729f8fbaeb21307)