# 0922: 8 Ball

| Name                                                                        | Authors                                    | Category         |
| --------------------------------------------------------------------------- | ------------------------------------------ | ---------------- |
| [Intigriti September Challenge (2022)](https://challenge-0922.intigriti.io) | [IvarsVids](https://twitter.com/IvarsVids) | XSS, PostMessage |

## Video Walkthrough

[![Postmessage XSS?! Solution to September '22 XSS Challenge](https://img.youtube.com/vi/0H-p6WxX0WU/0.jpg)](https://www.youtube.com/watch?v=0H-p6WxX0WU)

## Challenge Description

> Find a way to execute arbitrary javascript on the iFramed page and win Intigriti swag.

## Useful Resources

* [XSS cheatsheet](https://portswigger.net/web-security/cross-site-scripting/cheat-sheet)
* [PostMessage vulnerabilities](https://book.hacktricks.xyz/pentesting-web/postmessage-vulnerabilities)

## Community Writeups

1. [h43z](https://github.com/h43z/writeups/blob/master/0922-intigriti.md)
2. [ivarsvids (challenge creator)](https://medium.com/@ivars.vids/intigriti-0922-xss-challenge-author-writeup-d4cd749302df)