# 0921: Password Manager

| Name                                                                        | Authors                                                               | Category  |
| --------------------------------------------------------------------------- | --------------------------------------------------------------------- | --------- |
| [Intigriti September Challenge (2021)](https://challenge-0921.intigriti.io) | [Pepijn van der Stap](https://www.linkedin.com/in/pepijn-v-3637a2175) | XSS, mXSS |

## Video Walkthrough

[![Obfuscated Password Manager?! Solution to September '21 XSS Challenge](https://img.youtube.com/vi/Hy4YPFA7pqA/0.jpg)](https://www.youtube.com/watch?v=Hy4YPFA7pqA)

## Challenge Description

> Find a way to execute arbitrary javascript on the challenge page and win Intigriti swag.

## Useful Resources

* [XSS cheatsheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [Bypassing DOMPurify with mXSS](https://portswigger.net/research/bypassing-dompurify-again-with-mutation-xss)

## Community Writeups

1. [kza](https://klefz.se/2021/09/09/intigritis-september-xss-challenge-2021-write-up/)
2. [jorenverheyen](https://jorenverheyen.github.io/intigriti-September-2021.html)
3. [goku-kaioken](https://github.com/goku-KaioKen/intigriti/blob/main/challenge-writeups/Challenge-0921.pdf)
4. [drleek](https://medium.com/@pr0fessor/intigritis-september-xss-challenge-writeup-a5a771f37dcb)
5. [rahuman\_hamdi](https://medium.com/geekculture/intigriti-challenge-0921-by-bug-emir-pepijn-van-der-stap-f79a4a9b8692)
6. [securaji](https://medium.com/@securaji/intigriti-0921-xss-challenge-writeup-xss-through-namespace-confusion-5f307c8e8d44)
7. [spooky360](https://spooky360.github.io/0921/en.html)